On 09 Feb 2021, at 04:23, Dominic Raferd <domi...@timedicer.co.uk> wrote:
This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 -
including the postfix-users list servers. Of course they would
probably downgrade to plaintext if required, but that would reduce
security.
On 09/02/2021 12:36, @lbutlr wrote:
That is odd. My mails from the postfix list server are using TLSv1.2.
Are you sure the postfix list is using end-of-life encryption?...
On 09 Feb 2021, at 06:21, Dominic Raferd <domi...@timedicer.co.uk> wrote:
It depends how far back one's logs go! Now I look just at my logs for
this calendar year I see you are right. But there are still a few other
'good' senders using TLSv1 or TLSv1.1, even if they shouldn't be. Not
'plenty', I admit...
On 09.02.21 14:22, @lbutlr wrote:
Ah, I am only looking at recent logs. I don't see how moths-ago behavior
is relevant. But yes, each admin needs to look at their logs and see who
is still using encryption they should not be using (especially since this
probably indicates they have not updated the ssl libraries and are going
to be open to any flaws/attacks/CVEs discovered since TLSv1 and TLSv1.1
were EOLed, making them less-trustworthy in general.
still more trustworthy than no encryption at all, as was multiple times
mentioned here.
https://marc.info/?l=postfix-users&m=143884497605106&w=2
https://marc.info/?l=postfix-users&m=152907910501143&w=2
https://marc.info/?l=postfix-users&m=158344470515844&w=2
and, of course:
https://tools.ietf.org/html/rfc7435#section-1.2
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
