Hey,
On 14/01/2022 09:19, Stuart Henderson wrote:
> That hostname doesn't match the certificate, it should validate ok for
> storm-peaks.northrend.azeroth.wow-data.net (I also checked with
> -servername to send SNI).
> There's no difference between v4 and v6 for that though.
Thank you very much for spending time testing this again. Sadly, I
cannot reproduce the issue. For me the certificate validates correctly
for the hostname storm-peaks.northrend.azeroth.wow-data.net.
I also used a couple of online certificate checking tools and they also
report that it works fine.
(https://www.hardenize.com/report/storm-peaks.northrend.azeroth.wow-data.net/1642159474#email
and
https://www.hardenize.com/report/storm-peaks.northrend.azeroth.wow-data.net/1642159474#email)
I read the OpenSMTPd code again last night and I cannot reproduce the
initial issue. There is basically no difference in IPv4 and IPv6
connections when they arrive at OpenSMTPd. It's just an open socket and
then OpenSMTPd operates on that, completely ignoring the IP version.
I grepped the log files and in the last 7 days I had 263183 connections
via IPv6 to OpenSMTPd. 82% of them used TLS
(ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 being the most used)
according to the log. So I think this should be fine.
Thanks to everyone for spending time looking into this, but I don't think
it's a configuration or OpenBSD issue at this point.
Thanks so much and greetings
Leo