[openssl-project] Potentially bad news on TLS 1.3 compatibility (sans SNI)

Viktor Dukhovni openssl-users at dukhovni.org
Thu Apr 19 17:49:25 UTC 2018

> On Apr 19, 2018, at 1:31 PM, David Benjamin <davidben at google.com> wrote:
> Consequently, opportunistic SMTP clients (or those using mandatory TLS, but without
> DANE where the SNI value is still a guessing game we did not play) won't get TLS 1.3, until they start to make up some sort of SNI name.
> I'm not sure I follow this. Why is the SNI value a guessing game? The client that does not verify the certificate does not care what certificate it gets. (This is why we still send something, rather than close the connection.) The client that does verify a certificate, whether or not failures are fatal, does not need to guess: use the name that is being verified.

There is no "the name that is being verified".  The Postfix SMTP client accepts multiple (configurable as a set) names for the peer endpoint.  This may be the next-hop domain or the MX hostname, or a sub-domain wildcard, or some fixed hardcoded-name, or a mixture of these...


More information about the openssl-project mailing list