Yeah Benny – if you’re running 16-year-old code and certificates that you’re
still on TLS v1 or 1.1, it is time to upgrade, ASAP. What you have is not
much better or worse than sending it en clair anyway.

From: mailop <mailop-boun...@mailop.org> on behalf of Serhii via mailop 
<mailop@mailop.org>
Date: Tuesday, 21 May 2024 at 6:39 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: Re: [mailop] TLS inbound to comcast.net

https://datatracker.ietf.org/doc/rfc8996/

>    This document formally deprecates Transport Layer Security (TLS)
>    versions 1.0 (RFC 2246) and 1.1 (RFC 4346).  Accordingly, those
>    documents have been moved to Historic status.  These versions lack
>    support for current and recommended cryptographic algorithms and
>    mechanisms, and various government and industry profiles of
>    applications using TLS now mandate avoiding these old TLS versions.
>    TLS version 1.2 became the recommended version for IETF protocols in
>    2008 (subsequently being obsoleted by TLS version 1.3 in 2018),
>    providing sufficient time to transition away from older versions.
>    **Removing support for older versions from implementations reduces the
>    attack surface, reduces opportunity for misconfiguration, and
>    streamlines library and product maintenance.**

On 5/21/24 00:33, Benny Pedersen via mailop wrote:
> Brotman, Alex via mailop skrev den 2024-05-20 15:09:
>> Hey folks,
>>
>> Over the next few weeks, we're going to be disabling TLSv1/v1.1 inbound to 
>> our platform.  Most senders are already using TLSv1.2/v1.3, so I don't think 
>> this will be an issue.  However, keep in mind that if you're not already 
>> using those newer versions, you'll now revert to clear-text. Around the same 
>> time, we'll also begin negatively impacting reputation for clear-text 
>> senders (those without TLSv1.2/v1.3).  It won't be a huge impact, but many 
>> senders are extremely cautious in these areas.  If you have questions, 
>> please let me know.
>
> i say disabling tls versions is plain stupid to make plain text a bigger 
> problem, simply don't make that kind of security
>
> if comcast.net have found a bug in openssl, please make a ticket for this, so 
> it will be fixed in openssl
>
> i don't like your wording on "hey something"
>
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

--
Send unsolicited bulk mail to carl...@at.encryp.ch
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
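
A sender-side check for the clear-text fallback described in the announcement, as an added example that is not part of the thread: it counts the TLS versions your outbound sessions negotiate with a receiver's MX hosts and totals those that would lose TLS once TLSv1/v1.1 is refused. It assumes Postfix-style client log lines (`smtp_tls_loglevel = 1`); the sample log, host names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Postfix smtp(8) client log lines (smtp_tls_loglevel = 1).
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: \w+ TLS connection established to "
    r"(?P<host>[^\[\s]+)\[[^\]]+\]:\d+: (?P<proto>TLSv[\d.]+) with cipher"
)
DEPRECATED = {"TLSv1", "TLSv1.1"}  # the versions the announcement turns off

def negotiated(lines, mx_suffix):
    """Count negotiated protocol versions for sessions to hosts under mx_suffix."""
    counts = Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if m and m["host"].lower().endswith(mx_suffix.lower()):
            counts[m["proto"]] += 1
    return counts

def cleartext_after_cutoff(counts):
    """Sessions that would lose TLS once the receiver drops TLSv1/v1.1."""
    return sum(n for proto, n in counts.items() if proto in DEPRECATED)

# Constructed sample log lines; hosts and addresses are documentation values.
SAMPLE_LOG = """\
May 20 09:01:12 out1 postfix/smtp[2101]: Trusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 20 09:03:40 out2 postfix/smtp[877]: Untrusted TLS connection established to mx2.example.net[192.0.2.11]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
May 20 09:04:02 out2 postfix/smtp[877]: Untrusted TLS connection established to mx1.example.net[192.0.2.10]:25: TLSv1.1 with cipher AES256-SHA (256/256 bits)
May 20 09:05:19 out1 postfix/smtp[2101]: Trusted TLS connection established to mx.example.org[198.51.100.7]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
May 20 09:06:55 out1 postfix/smtp[2101]: Trusted TLS connection established to mx2.example.net[192.0.2.11]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
""".splitlines()

if __name__ == "__main__":
    counts = negotiated(SAMPLE_LOG, ".example.net")
    for proto in sorted(counts):
        flag = "  <- clear-text after cutoff" if proto in DEPRECATED else ""
        print(f"{proto:8} {counts[proto]}{flag}")
    print("sessions at risk:", cleartext_after_cutoff(counts))
```

Replace `.example.net` with the suffix of the receiver's MX host names and feed the function your own mail log lines.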