"@lbutlr" <krem...@kreme.com> writes:
> On Oct 24, 2018, at 09:19, Benny Pedersen <m...@junc.eu> wrote:
>>
>> do not disable tlsv1
>
> I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no
> reason to be running v1 or v1.1. At all.
>
> I’ve been running with TLSv1.2 only for over a year.
How much email are you doing, and do you have logs of the cipher suites
and protocols attempted? It would be very interesting to know because on
my reasonably busy server doing several millions of messages a day I'm
finding quite a bit of older TLS and ciphers still being used.
I agree that this should change, but the best way I know to get this to
change is to get microsoft and google to agree to stop accepting any
email that is not encrypted and not using tls1.2 by May 1st, 2020. This
will move the market, so to speak and still give people plenty of time
to make it happen.
--
micah
