On Fri, Mar 06, 2020 at 02:16:42AM +0000, Allen Coates wrote:
> Virtually all my TLSv1 connections come from this mailing list...
>
> Would there be any mileage in disabling OUTBOUND TLSv1 connections while
> accepting inbound for a little while longer?
You can certainly configure each direction as appropriate. In the
outbound direction you also have the choice of per-destination policy.
So yes, it is not unreasonable (though not that compelling, or worth
much effort) to disable TLSv1 by default, and then perhaps enable it
for just any sites where TLS handshakes start to fail.
--
Viktor.
