using TLS (>1.2) with more than one certificate

Viktor Dukhovni openssl-users at dukhovni.org
Tue May 24 15:31:41 UTC 2022


On Tue, May 24, 2022 at 04:10:00PM +0100, Angus Robertson - Magenta Systems Ltd wrote:

> I do see a lot of SSL connection errors in my logs, but assume these
> are mostly hackers or trackers with software not able to support
> TLS/1.2, usually with a blank SNI and ALPN and often no extensions in
> the client hello.  One had 'Versions: TLSv1.1, TLSv1.3 Key Share Data'
> so got unsupported protocol.  

Various less popular, but still deployed SMTP servers are not updated
nearly as often as desktop browsers, ... and some still support only
RSA.  Depending on where your users' mail comes from you may need to
support RSA for SMTP.  This is not a strong recommendation, but it is
something to keep in mind.

-- 
    Viktor.

