Heho,

We did some measurements on this recently, see: https://www.usenix.org/system/files/atc22-holzbauer.pdf

At the moment, I’d say that you still lose _some_ destinations (and delivering MTAs) by forcing TLS (~10% of smaller providers). This is _any_ TLS; numbers for disabling 1.0/1.1 will look worse than those 10%, even though we did not test that.

The methodology we use should be easily adjustable to also test for specific version support; however, recruiting a wide sample of people will be difficult.

What you _could_ do as a large ESP is configure multiple MXes with the same priority and different settings and run a large-scale study that way about MTAs’ preferences without impacting mail delivery. If you are willing to give that a shot, I’d be _very_ interested in collaborating.

Side note: I recently ran into a security research institute with whom I could not agree on ciphers with the OpenSMTPd default cipher list on my side… their choices were just a tad dusty…

With best regards,
Tobias
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
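As an added illustration of the equal-priority MX study suggested in the message above (not code from the message or from the linked paper), the sketch below classifies sending MTAs from per-session records collected on two MXes. The MX names, the record layout and the sample sessions are constructed assumptions; a real deployment would derive such records from its own MTA logs.

```python
# Constructed sample sessions: (receiving MX, sending MTA, negotiated TLS
# version or None for plaintext, delivered?). Hypothetical setup: "mx-open"
# accepts anything, "mx-tls12" only accepts sessions with TLS >= 1.2.
SESSIONS = [
    ("mx-open",  "mta-a.example", "TLSv1.3", True),
    ("mx-tls12", "mta-a.example", "TLSv1.3", True),
    ("mx-tls12", "mta-b.example", None,      False),  # no STARTTLS, refused
    ("mx-open",  "mta-b.example", None,      True),   # retried on the other MX
    ("mx-tls12", "mta-c.example", "TLSv1",   False),  # version too old
    ("mx-open",  "mta-c.example", "TLSv1",   True),
    ("mx-open",  "mta-d.example", "TLSv1.2", True),   # never tried strict MX
    ("mx-tls12", "mta-e.example", "TLSv1.2", True),
]

def classify(sessions, strict_mx="mx-tls12"):
    """Return {sender: 'ok' | 'would_lose' | 'unknown'} for the strict policy.

    'unknown' marks senders that were only ever seen on the other MX, so
    their behaviour under the strict policy was not observed.
    """
    strict_ok, strict_fail, seen = set(), set(), set()
    for mx, sender, _version, delivered in sessions:
        seen.add(sender)
        if mx == strict_mx:
            (strict_ok if delivered else strict_fail).add(sender)
    verdicts = {}
    for sender in seen:
        if sender in strict_ok:        # at least one success under the policy
            verdicts[sender] = "ok"
        elif sender in strict_fail:    # tried the strict MX, never succeeded
            verdicts[sender] = "would_lose"
        else:
            verdicts[sender] = "unknown"
    return verdicts

def loss_rate(sessions, strict_mx="mx-tls12"):
    """Share of senders observed on the strict MX that never delivered there."""
    tested = [v for v in classify(sessions, strict_mx).values() if v != "unknown"]
    if not tested:
        return None
    return sum(v == "would_lose" for v in tested) / len(tested)

if __name__ == "__main__":
    for sender, verdict in sorted(classify(SESSIONS).items()):
        print(sender, verdict)
    print("loss rate among tested senders:", loss_rate(SESSIONS))
```

Senders marked `unknown` are excluded from the rate, because with equal-priority MXes a sender may simply never have picked the strict one.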