> > In that case, PQ
> > keyshares aren't sent and STARTTLS works with "boeing.com" (still
> > hangs with default TLS 1.3 connections under OpenSSL 3.5).
>
> anyone using tls 1.2 only servers in 2025 ( 7y after 1.3 introduction )
> deserves to not get mails anymore.

It appears that roughly 20% of our inbound TLS-using email (to a large university department) uses TLS 1.2 instead of TLS 1.3. TLS 1.2 sending servers include some important sources of email, not just spam. Based on a quick scan of incoming and outgoing mail servers that are using TLS 1.2, it appears that a number of email hosting providers have not yet updated their systems to TLS 1.3, which is not surprising if it is only seven years old.

(Based on one weekday's statistics, and only approximately 82% of inbound email uses TLS at all.)

New TLS versions take a quite long time to propagate through the actual real infrastructure of the Internet. TLS libraries do not update instantly, people do not install new updated versions of TLS libraries instantly (or at all, they install new machines that come with new TLS libraries), etc etc.

	- cks
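
One way to measure the same split on your own server, as an added example that is not part of the original message or the poster's method: tally the `X=` TLS field on arrival lines of an Exim main log. It assumes the `X=` cipher field is being logged; the function names and the sample log lines (documentation addresses, made-up message ids) are constructed for illustration.

```python
import re
from collections import Counter

# Exim records a TLS session on a log line as X=<version>:<cipher>:<bits>.
# Older OpenSSL builds write "TLSv1.2", newer ones "TLS1.2"; accept both.
TLS_FIELD = re.compile(r" X=TLSv?(\d+(?:\.\d+)?):")

def tally_inbound(lines):
    """Count inbound SMTP arrivals by TLS version ("cleartext" if no X=)."""
    counts = Counter()
    for line in lines:
        # " <= " marks a message arrival; " H=" means it came from a remote
        # host (local submissions and local bounces carry no H= field).
        if " <= " not in line or " H=" not in line:
            continue
        m = TLS_FIELD.search(line)
        counts["TLS" + m.group(1) if m else "cleartext"] += 1
    return counts

def summarize(counts):
    """Return (fraction of inbound using TLS, {version: fraction of TLS mail})."""
    total = sum(counts.values())
    tls = total - counts["cleartext"]
    by_version = {v: n / tls for v, n in counts.items() if v != "cleartext"}
    return (tls / total if total else 0.0), by_version

# Constructed sample: 3 TLS 1.3, 1 TLS 1.2 and 1 cleartext arrival, plus an
# outbound delivery and a local submission that must not be counted.
SAMPLE_LOG = """\
2025-06-10 09:00:01 1uAAAA-0000000001a-0001 <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=4521
2025-06-10 09:00:02 1uAAAA-0000000001a-0002 <= b@example.net H=out.example.net [192.0.2.11] P=esmtps X=TLS1.3:TLS_AES_128_GCM_SHA256:128 CV=no S=9120
2025-06-10 09:00:03 1uAAAA-0000000001a-0003 <= c@example.com H=old.example.com [192.0.2.12] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=3310
2025-06-10 09:00:04 1uAAAA-0000000001a-0004 <= d@example.org H=mx2.example.org [192.0.2.13] P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 CV=no S=1200
2025-06-10 09:00:05 1uAAAA-0000000001a-0005 <= e@example.net H=plain.example.net [192.0.2.14] P=esmtp S=2048
2025-06-10 09:00:06 1uAAAA-0000000001a-0001 => f@example.com R=dnslookup T=remote_smtp H=mx.example.com [192.0.2.20] X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128
2025-06-10 09:00:07 1uAAAA-0000000001a-0006 <= user@dept.example U=user P=local S=512
""".splitlines()

if __name__ == "__main__":
    tls_share, by_version = summarize(tally_inbound(SAMPLE_LOG))
    print(f"inbound using TLS: {tls_share:.0%}")
    for version, share in sorted(by_version.items()):
        print(f"  {version}: {share:.0%} of TLS mail")
```

Feeding it one day's log gives the two figures quoted above: the share of inbound mail that uses TLS at all, and the TLS 1.2 versus TLS 1.3 split within that.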