[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
From: |
Steffen Nurpmeso |
Subject: |
Re: [Lynx-dev] TLS-"transport layer security" & LYNX |
Date: |
Sat, 28 Jul 2018 23:17:20 +0200 |
User-agent: |
s-nail v14.9.10-165-gc5fab6be |
Mouse wrote in <address@hidden>:
|> SNI basically transmits the actual vhost you wish to visit, in URL
|> terms the part between https:// and the first slash after that, [...]
|> [...]
|> Then, the people [...] thought it would be good to create TLSv1.3
|> [...] and decided to add SNI to that standard; not only that, but
|> they *require* it to be used now.
|
|So, TLS 1.3 is not usable for securing anything except the Web? (That
|is, if you aren't "visit"ing a "vhost"?)
For example RFC 7672[1], 8.1. "SNI Support"
To ensure that the server sends the right certificate chain, the SMTP
client MUST send the TLS SNI extension containing the TLSA base
domain. This precludes the use of the Secure Socket Layer (SSL)
HELLO that is SSL 2.0 compatible by the SMTP client.
Each SMTP server MUST present a certificate chain (see [RFC5246],
Section 7.4.2) that matches at least one of the TLSA records. The
server MAY rely on SNI to determine which certificate chain to
present to the client. Clients that don't send SNI information may
not see the expected certificate chain.
[1] https://tools.ietf.org/rfc/rfc7672.txt
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, (continued)
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/23
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Woolley, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Stefan Caunter, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Mouse, 2018/07/24
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Halaasz Saandor, 2018/07/29
- Re: [Lynx-dev] TLS-"transport layer security" & LYNX, Larry Hynes, 2018/07/24
Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Niklas, 2018/07/28
Re: [Lynx-dev] TLS-"transport layer security" & LYNX, David Niklas, 2018/07/29