Disabling support for less secure transport encryption protocols doesn't increase security if the senders can then switch to unencrypted transport as a fallback.

It's a pretty big and well-respected security practice to consider plain text to be more secure than insecure SSL for one reason: A plain text connection isn't logged or reported as a secure connection. Both being insecure, only one of the two involves your server negotiating and reporting to the third party that you are accepting it over a secure connection. Which is basically a lie. Plain isn't a lie, and that's worth something.

I get by alright while blocking insecure protocols and ciphers. Every now and then I'll get a laugh because some small "security" company will refuse to deliver mail to the servers while demanding to only speak over insecure protocols/ciphers.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
