X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=doc%2Fdoc-txt%2Fexperimental-spec.txt;h=9b472c080dbe506cb47844f5e47f0ca7915a73f1;hb=7c498df16cbb3d35eb8df3668ec426388f0dc974;hp=84fd54716c7397b70006e8f00a2bcfaeb6f2bdcb;hpb=c8f419afe4b673ce93b7db07eb3093d8a07afb5f;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 84fd54716..9b472c080 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -871,41 +871,6 @@ used via the transport in question. -REQUIRETLS support ------------------- -Ref: https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03 - -If compiled with EXPERIMENTAL_REQUIRETLS support is included for this -feature, where a REQUIRETLS option is added to the MAIL command. -The client may not retry in clear if the MAIL+REQUIRETLS fails (or was never -offered), and the server accepts an obligation that any onward transmission -by SMTP of the messages accepted will also use REQUIRETLS - or generate a -fail DSN. - -The Exim implementation includes -- a main-part option tls_advertise_requiretls; host list, default "*" -- an observability variable $requiretls returning yes/no -- an ACL "control = requiretls" modifier for setting the requirement -- Log lines and Received: headers capitalise the S in the protocol - element: "P=esmtpS" - -Differences from spec: -- we support upgrading the requirement for REQUIRETLS, including adding - it from cold, within an MTA. The spec only define the sourcing MUA - as being able to source the requirement, and makes no mention of upgrade. -- No support is coded for the RequireTLS header (which can be used - to annul DANE and/or STS policiy). [this can _almost_ be done in - transport option expansions, but not quite: it requires tha DANE-present - but STARTTLS-failing targets fallback to cleartext, which current DANE - coding specifically blocks] - -Note that REQUIRETLS is only advertised once a TLS connection is achieved -(in contrast to STARTTLS). If you want to check the advertising, do something -like "swaks -s 127.0.0.1 -tls -q HELO". - - - - Early pipelining support ------------------------ Ref: https://datatracker.ietf.org/doc/draft-harris-early-pipe/