[Standards] Fwd: [Uta] STARTTLS vulnerabilities

Sam Whited sam at samwhited.com
Thu Aug 12 13:38:46 UTC 2021


We've had this discussion before but for context in this thread: I
ignore that as it doesn't make any sense (and follow the second thing
and just decide myself how I want to connect). I know at least one or
two others do to, but I don't know which strategy is more wide spread.

—Sam

On Thu, Aug 12, 2021, at 09:16, Holger Weiß wrote:
> | Both 'xmpp-' and 'xmpps-' records SHOULD be treated as the same
> | record with regard to connection order as specified by RFC 2782 [3],
> | in that all priorities and weights are mixed. This enables the
> | server operator to decide if they would rather clients connect with
> | STARTTLS or direct TLS. However, clients MAY choose to prefer one
> | type of connection over the other.


More information about the Standards mailing list