On 2025-05-25 at 10:15:37 UTC-0400 (Sun, 25 May 2025 14:15:37 +0000) Slavko via Exim-users <li...@slavino.sk> is rumored to have said:
> It is hard, what is better, use weak TLS or plain text?

Weak TLS, indubitably.

> From my point of
> view, first: it is not my problem, it is their decision (to use weak TLS).
> Second, weak TLS is IMO worse than plain text, as it provides false feel
> of protection and I personally prefer to avoid false feels...

But there are no weaknesses in TLS v1.0 or v1.1 relative to v1.2 and 1.3 that are relevant to SMTP sessions.

Sending a message with TLSv1 or even SSLv3 prevents trivial exploitation of intercepted traffic. With plaintext, *anyone* who can intercept the traffic can read the message. With *ANY* encryption the bar for exploitation is raised to attackers who can decrypt the traffic, which is a very difficult task if a good ciphersuite is negotiated. With SSLv3 or TLSv1, that is further limited to people who possess as-yet-unknown decryption tricks. Just as it is with TLSv1.2 and TLSv1.3.

There is no false feeling of security, only a real one.

--
Bill Cole