Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:
> I've seen zero discussion of the extent of broken vs. conforming
> implementations in groups that are frequented by SMTP implementors.
> All I've seen is your claim that most client implementations fail to
> follow the spec in sending TLS 1.0 Hello messages. No offense,
> but I don't think that's sufficient justification to change the spec.

I've just checked out a number of implementations:

qmail STARTTLS patch      SSLv2 backwards compatible hello
Postfix STARTTLS patch    SSLv2 backwards compatible hello
Sendmail 8.11             SSLv2 backwards compatible hello
                          (turned off if you're not using RSA).

The Sendmail STARTTLS page
(http://www.sendmail.org/~ca/email/starttls.html) claims
that CommuniGate Pro 3.3BetaX and Interchange v.3.61.01
support SSLv3 only. It's unknown--at least to me--what
sort of ClientHello they send.
I don't have Exchange so I can't say what it does.
-Ekr
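
The survey above turns on which ClientHello framing a client sends after STARTTLS. As an added example (not part of the original message, nor code from any of the MTAs listed), this Python function tells the SSLv2 backwards compatible hello from an SSLv3/TLS record-layer hello by its first bytes; the function names and the sample byte strings are constructed for the illustration.

```python
import struct

# (major, minor) version pairs as they appear on the wire
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def classify_client_hello(data: bytes) -> dict:
    """Report the framing and the version offered by a ClientHello."""
    if len(data) < 11:
        raise ValueError("need at least 11 bytes of the first flight")
    # SSLv2 framing: 2-byte header with the high bit set, then msg type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        length = struct.unpack(">H", data[:2])[0] & 0x7FFF
        cs_len, sid_len, ch_len = struct.unpack(">HHH", data[5:11])
        # Fixed fields take 9 bytes; the rest must add up to the header length.
        if length == 9 + cs_len + sid_len + ch_len and cs_len % 3 == 0:
            ver = (data[3], data[4])
            return {"framing": "sslv2-compatible",
                    "offers": VERSIONS.get(ver, "unknown %d.%d" % ver)}
    # SSLv3/TLS framing: record type 0x16 (handshake), major version 3,
    # handshake type 1 (client_hello), client_version at offsets 9-10.
    if data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        ver = (data[9], data[10])
        return {"framing": "v3-record",
                "offers": VERSIONS.get(ver, "unknown %d.%d" % ver)}
    return {"framing": "unrecognized", "offers": None}

def sample_v2_hello() -> bytes:
    """Constructed SSLv2-format hello that offers version 3.1 (TLS 1.0)."""
    specs = bytes.fromhex("00000a000005")   # two 3-byte cipher specs
    challenge = bytes(16)                   # all-zero challenge, sample only
    body = struct.pack(">BBBHHH", 1, 3, 1, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def sample_v3_hello() -> bytes:
    """Constructed TLS 1.0 record-layer ClientHello with one cipher suite."""
    body = bytes([3, 1]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, blob in (("v2", sample_v2_hello()), ("v3", sample_v3_hello())):
        print(name, classify_client_hello(blob))
```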