On Sat, Oct 13, 2018 at 12:12:21PM -0400, Bill Cole wrote:

> 2. As TLSv1.0 is increasingly abandoned by both TLS implementations and
> in operational configurations, novel vulnerabilities in the old protocol
> are more likely to remain covert and hence highly useful, especially if
> they are less painful to exploit than BEAST or POODLE.

That's all nice in theory, but if I disabled TLS 1.0, I'd have some
issues receiving messages from this list and the krbdev list. My
logs since Sep 27 show non-trivial TLSv1 message counts:

    190 cloud9.net
     22 mit.edu
    ...

As yet, I see no compelling reason to disable TLS 1.0 in SMTP. What
you can and should now disable is SSLv2 and SSLv3, which Postfix
now disables by default.

--
    Viktor.
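One way to take the kind of measurement the message describes before turning off TLS 1.0, as an added example that is not part of the original message and not the poster's own method: it counts inbound TLSv1 handshakes per client domain from Postfix smtpd log lines. It assumes `smtpd_tls_loglevel = 1` or higher, groups by the last two labels of the client hostname, counts connections rather than messages, and runs on constructed log lines.

```python
import re
from collections import Counter

# Summary line Postfix smtpd writes per inbound handshake at smtpd_tls_loglevel >= 1.
TLS_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+ TLS connection established from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<proto>\S+) with cipher"
)

def client_domain(host, ip):
    """Grouping key (assumption): last two labels of the client's reverse DNS name."""
    if host == "unknown":  # no usable reverse DNS: fall back to the address
        return ip
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def protocol_counts(lines, protocols=("TLSv1",)):
    """Count inbound handshakes whose negotiated protocol is exactly one of `protocols`."""
    counts = Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        # Exact comparison: a substring match on "TLSv1" would also hit TLSv1.2.
        if m and m.group("proto") in protocols:
            counts[client_domain(m.group("host"), m.group("ip"))] += 1
    return counts

# Constructed sample log lines (documentation hostnames and addresses).
SAMPLE_LOG = """\
Oct  1 10:00:01 mx postfix/smtpd[1201]: Anonymous TLS connection established from mx1.example.org[192.0.2.10]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct  1 10:02:14 mx postfix/smtpd[1207]: Anonymous TLS connection established from mx2.example.org[192.0.2.11]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct  1 10:03:40 mx postfix/smtpd[1210]: Anonymous TLS connection established from lists.example.net[198.51.100.20]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct  1 10:05:02 mx postfix/smtpd[1215]: Anonymous TLS connection established from unknown[198.51.100.7]: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct  1 10:06:55 mx postfix/smtpd[1219]: Anonymous TLS connection established from relay.example.edu[203.0.113.9]: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct  1 10:07:30 mx postfix/smtp[1302]: Trusted TLS connection established to mail.example.com[203.0.113.5]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct  1 10:09:11 mx postfix/smtpd[1223]: Anonymous TLS connection established from mx1.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
"""

if __name__ == "__main__":
    # Prints "count domain" rows, highest first, for TLSv1-only senders.
    for domain, n in protocol_counts(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:6d} {domain}")
```

The outbound `postfix/smtp` line and the TLSv1.2 handshakes are deliberately excluded, so the result lists only the peers that would be affected by dropping TLS 1.0 on the receiving side.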