> RFC 8996 deprecated TLS 1.0 and TLS 1.1.
>
> Would you consider updating the default values for
>
> smtp_tls_mandatory_protocols
> smtp_tls_protocols,
> smtpd_tls_mandatory_protocols
> smtpd_tls_protocols
>
> so that TLS 1.0 and TLS 1.1 are disabled by default?
There's no clear benefit to doing this with opportunistic TLS in SMTP.
--
Viktor.
You are right for opportunistic TLS in SMTP, and an attacker can, for example,
strip STARTTLS.
For
smtp_tls_mandatory_protocols,
smtpd_tls_mandatory_protocols
updated default values without TLS 1.0, TLS 1.1 would be better.
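As an added example (not written by anyone in the thread and not Postfix code): a small Python check that reads the four parameters named above from `postconf`-style output and reports which of them still allow the protocols RFC 8996 deprecates. The sample values are constructed, and the parser is a simplified model of the protocol-list syntax (plain names, `!name` exclusions, and the `>=`/`<=` bounds of Postfix 3.6 and later).

```python
import re

ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # oldest first
DEPRECATED = ("TLSv1", "TLSv1.1")  # TLS 1.0 and TLS 1.1, per RFC 8996
PARAMS = ("smtp_tls_mandatory_protocols", "smtp_tls_protocols",
          "smtpd_tls_mandatory_protocols", "smtpd_tls_protocols")

def enabled_protocols(value):
    """Simplified model: names include, !names exclude, >= / <= set bounds."""
    include, exclude = set(), set()
    lo, hi = 0, len(ORDER) - 1
    for tok in filter(None, re.split(r"[,:\s]+", value)):
        op = tok[:2] if tok[:2] in (">=", "<=") else "!" if tok[0] == "!" else ""
        name = tok[len(op):]
        if name not in ORDER:
            raise ValueError(f"unknown protocol name: {tok!r}")
        if op == ">=":
            lo = max(lo, ORDER.index(name))
        elif op == "<=":
            hi = min(hi, ORDER.index(name))
        elif op == "!":
            exclude.add(name)
        else:
            include.add(name)
    base = include or set(ORDER)  # only exclusions (or empty): start from all
    return [p for i, p in enumerate(ORDER)
            if p in base and p not in exclude and lo <= i <= hi]

def audit(postconf_text):
    """Map each of the four parameters to the deprecated protocols it allows."""
    findings = {}
    for line in postconf_text.splitlines():
        name, sep, value = line.partition("=")  # splits at the first '=' only
        if sep and name.strip() in PARAMS:
            allowed = enabled_protocols(value)
            findings[name.strip()] = [p for p in DEPRECATED if p in allowed]
    return findings

# Constructed sample in `postconf` output format (not values from the thread).
SAMPLE = """\
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = >=TLSv1.2
"""

if __name__ == "__main__":
    for param, old in audit(SAMPLE).items():
        print(f"{param}: {'allows ' + ', '.join(old) if old else 'ok'}")
```

On a live system the same function can be fed the output of `postconf` for those four parameter names instead of `SAMPLE`.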