ARGVMI~1.PIF (@[email protected])

#Certificate authorities have decided to stop setting the “TLS client” #EKU on the #TLS server certificates they issue. This immediately created a problem for server-to-server protocols like #SMTP and #XMPP. Now it looks like XMPP servers have begun to simply ignore their clients' certificates' EKU. https://monal-im.org/post/00016-upgrade-ejabberd-on-debian/ I thought restricting the EKU like this was a bad idea. Looks like I was right. The #CA decision is backfiring.