Hi Viktor,

on 20.09.21 17:43, Viktor Dukhovni via Exim-users wrote:

>> Anyway: My main goal is to protect credentials of my users, if I would
>> enable TLS1.1 and lower, I would risk that this communication is not
>> secured adequately.
>
> Indeed, that's why I would recommend a floor of TLS 1.2 for ports 587
> and 465, but not necessarily port 25.

That is reasonable, now I need to see how to configure that in exim.

>> Additionally, I enforce encryption (TLS1.2+) on outgoing connections
>> (only very few sites do not support that, I maintain a list of
>> exceptions, when I see mails lingering in the queue).
>
> This is where our priorities differ. Barring a practical downgrade
> attack on SMTP STARTTLS made possible by keeping TLS 1.0 enabled, I
> see little reason yet to force the remaining TLS 1.0 to use cleartext.
> (Yes I'm aware of past cross-protocol attacks, see the author list of
> DROWN: <https://drownattack.com/drown-attack-paper.pdf>)

Kudos, real nice paper. I definitely got your point.

Just for information: All hosts on my exception list do not support
encryption at all (the list is so short that I can test the hosts before
adding them).

Anyway, as you wrote in another mail, the main attack would be stripping
STARTTLS before the connection is encrypted. I currently see no real
widely used extension to address that. TLSA records and DANE are not
implemented widely, MTA-STS probably even less wide.

Nonetheless, an interesting thread with a lot of points to rethink and
improve, thanks Viktor.

Regards,
Thomas

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
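Added example, not part of the thread and not Thomas's or the Exim project's own configuration: an Exim configuration fragment that implements the two policies discussed above, a TLS 1.2 floor on the submission ports 465 and 587 with port 25 left more permissive for inbound mail, and TLS 1.2+ required for outbound delivery except to a short list of hosts known not to offer STARTTLS. It assumes an Exim built against GnuTLS (the priority-string syntax is GnuTLS-specific; an OpenSSL build uses cipher strings and the global `openssl_options` instead), and the list name `tls_exceptions` and the path `/etc/exim/tls-exceptions` are placeholders chosen for this example.

```exim
# Added example: Exim configuration fragment, GnuTLS build assumed.
# Not from the thread; the list name and file path are placeholders.

# --- main configuration section ---

# Hosts known not to offer STARTTLS at all, one hostname per line.
# Path is an assumption for this example.
hostlist tls_exceptions = lsearch;/etc/exim/tls-exceptions

daemon_smtp_ports    = 25 : 465 : 587
tls_on_connect_ports = 465

# Inbound floor: TLS 1.2 only on the submission ports (465 and 587),
# while port 25 keeps TLS 1.0/1.1 available so legacy senders do not
# fall back to cleartext. tls_require_ciphers is expanded for each
# connection, so it can be keyed on $received_port.
tls_require_ciphers = ${if ={$received_port}{25} \
                          {NORMAL:-VERS-SSL3.0} \
                          {NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1}}

# --- transports section ---

remote_smtp:
  driver = smtp
  # Outbound: require TLS to every host except the listed exceptions,
  # and never negotiate below TLS 1.2 when TLS is used.
  hosts_require_tls   = ! +tls_exceptions : *
  tls_require_ciphers = NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1
```

`exim -bV` reports whether the binary is linked against GnuTLS or OpenSSL, and `exim -bP tls_require_ciphers` prints the main-section setting after the configuration is loaded. Note that this floor only constrains the TLS version once TLS is negotiated; it does nothing against the STARTTLS-stripping case the message raises, which is what DANE (TLSA records) and MTA-STS exist to address on the outbound side.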
