On 1/10/22 07:23, Viktor Dukhovni wrote:
> On Mon, Jan 10, 2022 at 12:50:49PM +0100, Kveta Kladov wrote:
>
>> RFC 8996 deprecated TLS 1.0 and TLS 1.1.
>>
>> Would you consider updating the default values for
>>
>> smtp_tls_mandatory_protocols
>> smtp_tls_protocols,
>> smtpd_tls_mandatory_protocols
>> smtpd_tls_protocols
>>
>> so that TLS 1.0 and TLS 1.1 are disabled by default?
>
> There's no clear benefit to doing this with opportunistic TLS in SMTP.
For opportunistic TLS, I mostly agree. I say “mostly” because disabling legacy protocols will reduce OpenSSL’s attack surface. However, if DANE, MTA-STS, or certificate verification is in use, then TLS 1.0 and TLS 1.1 should be disabled, as Postfix will fail closed in that case. The same is true for SMTPS and submission with mandatory STARTTLS.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
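As an added illustration, not taken from the thread or from Postfix's own documentation, here is a main.cf fragment that applies the distinction drawn above: the opportunistic protocol lists are left alone, because tightening them only turns a legacy-only peer into a cleartext session, while the mandatory lists, which govern the fail-closed client levels and the encrypt-level submission/SMTPS services, require TLS 1.2 or later. It assumes Postfix 3.6 or later for the `>=TLSv1.2` syntax (the older exclusion form is shown commented out), a DNSSEC-validating local resolver for DANE, and server certificate settings configured elsewhere; example.com and the policy-table path are placeholders.

```ini
# --- Client side (Postfix SMTP client) ---
# "dane" means mandatory, TLSA-verified TLS where the destination publishes
# usable TLSA records, and plain opportunistic TLS (as with "may") otherwise.
# A DNSSEC-validating resolver is assumed; resolver setup is out of scope.
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane

# Opportunistic case: smtp_tls_protocols is deliberately not changed.
# Refusing TLS 1.0/1.1 here would not upgrade a legacy-only peer; it would
# downgrade the delivery to cleartext.

# Mandatory case (dane with usable TLSA, dane-only, encrypt, fingerprint,
# verify, secure): Postfix fails closed, so refusing legacy protocols cannot
# cause a cleartext fallback.
smtp_tls_mandatory_protocols = >=TLSv1.2
# Equivalent exclusion syntax for Postfix releases before 3.6:
# smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

# Per-destination override (placeholder destination): certificate-verified
# mandatory TLS; the policy table lists protocol names separated by colons.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
#   contents of /etc/postfix/tls_policy:
#   example.com   secure   protocols=TLSv1.2:TLSv1.3

# --- Server side (Postfix SMTP server) ---
# Port 25 stays opportunistic; smtpd_tls_protocols is left at its default.
# Certificate/key parameters are assumed to be set elsewhere in main.cf.
smtpd_tls_security_level = may

# Submission (587) and SMTPS (465) services declared in master.cf with
# -o smtpd_tls_security_level=encrypt are mandatory-TLS services and
# therefore use this list, not smtpd_tls_protocols.
smtpd_tls_mandatory_protocols = >=TLSv1.2
# Pre-3.6 equivalent:
# smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
```

After applying it, `postconf -n | grep tls_mandatory_protocols` should show only the two `>=TLSv1.2` entries, and a delivery to a DANE or policy-map destination that supports nothing newer than TLS 1.1 will be deferred rather than sent in cleartext.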