* "li...@rhsoft.net" <li...@rhsoft.net>:
> On 21.06.2014 13:11, Stefan Foerster wrote:
> > Could someone share experience with or point me to some kind of "best
> > practices" regarding opportunistic TLS, or explain the reasoning for
> > banning "weak" ciphers/protocols on a public MX? (again, not talking
> > about a MSA, or a third party that we have ties with, which would allow
> > us to nail down protocols/ciphers with TLS policy maps)
>
> fire the clueless auditor not in the position to demand anything while
> lacking basics himself and not able to make a difference between
> HTTP and SMTP - what such people do not understand is that HTTPS
> doesn't fall back to plaintext - SMTP does

While I certainly share your view on this - though I would have worded it less strongly - my question still stands: Does anyone have real-world data to share (e.g. "we disabled ciphers X, Y and Z and then N percent of clients fell back to plain"), or a pointer to some (semi-)official documentation, scientific papers or the like about this?

Cheers
Stefan