On 19/01/15 16:41, Viktor Dukhovni wrote: > That's a bug in the Exim implementation. When all TLSA records > are "unusable", the client MUST use TLS but without DANE authentication, > using either no authentication, or whatever authentication mechanisms > are appropriate via local policy. An Exim fix is in test. -- Cheers, Jeremy