nanog mailing list archives
Re: Gmail and SSL
From: Jasper Wallace <jasper () pointless net>
Date: Fri, 21 Dec 2012 07:38:17 +0000 (GMT)
On Fri, 14 Dec 2012, Christopher Morrow wrote:
On Fri, Dec 14, 2012 at 6:03 PM, Peter Kristolaitis <alter3d () alter3d ca> wrote:In my experience, free/cheap certs "not working" on some clients is, in 99.9% of cases, a misconfiguration error where the server isn't presenting the cert chain properly (usually omitting the intermediate cert), which works on some platforms (often because they include the intermediate certs to work around these kinds of problems) but not on others. Fixing the cert chain that's presented to the client has ALWAYS resolved these types of issues in my experience.and in the case of the original topic... if the gmail servers don't accept StartSSL certs, please let me know I'll see about a fix.
Tangentially to this: any chance of supporting TLSA/DANE records for _110._tcp.domain and _995._tcp.domain? (and the IMAP equivalents). That would let people carry on using self signed certs who prefer to and let people who have a cert that chains back to a root CA assert which root CA the cert should chain back to, which would be nice in these days of diginotar and comodo hacks... -- [http://pointless.net/] [0x2ECA0975]
Current thread:
- Re: Gmail and SSL, (continued)
- Re: Gmail and SSL John Peach (Dec 14)
- Re: Gmail and SSL Tim Franklin (Dec 14)
- Re: Gmail and SSL Christopher Morrow (Dec 14)
- Re: Gmail and SSL Eugen Leitl (Dec 14)
- Re: Gmail and SSL Christopher Morrow (Dec 14)
- Re: Gmail and SSL Tim Franklin (Dec 14)
- Re: Gmail and SSL John Peach (Dec 14)
- Re: Gmail and SSL Maxim Khitrov (Dec 14)
- RE: Gmail and SSL Matthew Black (Dec 14)
- Re: Gmail and SSL Peter Kristolaitis (Dec 14)
- Re: Gmail and SSL Christopher Morrow (Dec 14)
- Re: Gmail and SSL Jasper Wallace (Dec 20)
- Re: Gmail and SSL Peter Kristolaitis (Dec 29)
- Re: Gmail and SSL Christopher Morrow (Dec 30)
- Re: Gmail and SSL Jimmy Hess (Dec 30)
- Re: Gmail and SSL John Levine (Dec 30)
- Re: Gmail and SSL Jimmy Hess (Dec 30)
- Re: Gmail and SSL Rich Kulawiec (Dec 31)
- Re: Gmail and SSL John R. Levine (Dec 31)