[CentOS] Apache/PHP Installation - opinions
Alice Wonder
alice at domblogger.netWed Apr 27 08:04:26 UTC 2016
- Previous message: [CentOS] Apache/PHP Installation - opinions
- Next message: [CentOS] Apache/PHP Installation - opinions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 04/27/2016 12:59 AM, Brandon Vincent wrote: > On Wed, Apr 27, 2016 at 12:50 AM, Alice Wonder <alice at domblogger.net> wrote: >> That is the only reliable way to avoid MITM with SMTP. > > Except I can just strip STARTTLS and most MTAs will continue to connect. > No you can't. Not with a smtp that enforces DANE. If my postfix sees that your SMTP publishes a DANE record then it will refuse to connect unless it is a secure connection with a certificate that matches the fingerprint in the TLSA record. See RFC 7672 But the postfix in RHEL / CentOS 7 does not support that.
- Previous message: [CentOS] Apache/PHP Installation - opinions
- Next message: [CentOS] Apache/PHP Installation - opinions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list