On 10.01.22 12:50, Kveta Kladov wrote:
> RFC 8996 deprecated TLS 1.0 and TLS 1.1.
> Would you consider updating the default values for
> smtp_tls_mandatory_protocols,
> smtp_tls_protocols,
> smtpd_tls_mandatory_protocols,
> smtpd_tls_protocols
> so that TLS 1.0 and TLS 1.1 are disabled by default?

for mandatory protocols it should be OK
(Windows 7 doesn't support TLS 1.1 and TLS 1.2 by default, but can be made to)

for server-server communication I checked some of the maintained servers and
there are imho still too many TLSv1 connections to disable TLSv1, not even
TLSv1.1.

the alternative in server-server communication is plaintext, which gives even
less security than disabling TLSv1 and TLSv1.1
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I want to NOT receive any advertising mail at this address.
I wonder how much deeper the ocean would be without sponges.
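
The kind of check described in the reply above (counting how many sessions still negotiate TLSv1 or TLSv1.1 before tightening `smtpd_tls_protocols` / `smtp_tls_protocols`), as an added example that is not part of the original message. It assumes the TLS session lines Postfix writes with `smtpd_tls_loglevel = 1` and `smtp_tls_loglevel = 1`; the log lines, hosts and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format Postfix logs at TLS loglevel 1
# (hosts and addresses are made up, from documentation ranges).
SAMPLE_LOG = """\
Jan 10 12:01:02 mx postfix/smtpd[2101]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 12:01:09 mx postfix/smtpd[2102]: Anonymous TLS connection established from old.example.org[192.0.2.20]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 10 12:02:11 mx postfix/smtp[2110]: Untrusted TLS connection established to mx.example.com[198.51.100.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 12:03:40 mx postfix/smtpd[2103]: Anonymous TLS connection established from old.example.org[192.0.2.20]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 10 12:04:00 mx postfix/smtpd[2104]: connect from plain.example.org[192.0.2.30]
Jan 10 12:05:17 mx postfix/smtp[2111]: Trusted TLS connection established to legacy.example.com[198.51.100.9]:25: TLSv1.1 with cipher AES256-SHA (256/256 bits)
"""

# TLS 1.0/1.1 (deprecated by RFC 8996) plus the older SSL versions.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
TLS_LINE = re.compile(
    r"postfix\S*/(?P<svc>smtpd|smtp)\[\d+\]: \w+ TLS connection established "
    r"(?:from|to) (?P<peer>\S+?\[[^\]]+\])(?::\d+)?: (?P<proto>(?:TLSv|SSLv)[\d.]+) with cipher"
)

def tally(lines):
    """Count TLS sessions per (service, protocol); collect peers on deprecated versions."""
    counts, legacy_peers = Counter(), {}
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # plaintext sessions and unrelated lines are not counted
        counts[(m["svc"], m["proto"])] += 1
        if m["proto"] in DEPRECATED:
            legacy_peers.setdefault(m["svc"], Counter())[m["peer"]] += 1
    return counts, legacy_peers

def legacy_share(counts, svc):
    """Fraction of a service's TLS sessions that used a deprecated protocol."""
    total = sum(n for (s, _), n in counts.items() if s == svc)
    old = sum(n for (s, p), n in counts.items() if s == svc and p in DEPRECATED)
    return old / total if total else 0.0

if __name__ == "__main__":
    counts, peers = tally(SAMPLE_LOG.splitlines())
    for svc in ("smtpd", "smtp"):  # smtpd = inbound server, smtp = outbound client
        print(f"{svc}: {legacy_share(counts, svc):.0%} of TLS sessions below TLSv1.2")
        for peer, n in peers.get(svc, Counter()).most_common():
            print(f"  {n:4d}  {peer}")
```

The per-peer list shows which remote systems would drop to plaintext, or fail where TLS is mandatory, if the older versions were excluded.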