Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread eBulldog Ops via mailop
It’s not unusual, selling into central government (UK & NL at least), to require TLS <1.2 to be disabled even on SMTP and, in my experience, this does mean a small (I’d suggest very small) number of remotes that are unable and "fallback" to clear. I personally find it a bit of a moot point; if

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread John Levine via mailop
It appears that Benny Pedersen via mailop said: >Suresh Ramasubramanian via mailop wrote on 2024-05-21 15:18: >> Yeah Benny – if you’re running 16 year old code and certificates >> that you’re still on TLS v1 or 1.1, it is time to upgrade, asap. >> What you have is not much better or worse than

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Michael Irvine via mailop
Serhii via mailop wrote on 2024-05-21 14:59: > https://datatracker.ietf.org/doc/rfc8

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Michael Irvine via mailop
Brotman, Alex via mailop wrote on 2024-05-20 15:09: > Hey folks, > >

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Serhii via mailop
False sense of security (well-known broken/insecure SSLv2/v3) is worse than plaintext usage. Anyway, you are arguing with Best Common Practice, which is not the best pastime. 2024-05-21T14:32:28Z Benny Pedersen via mailop : > still possible to enable sslv2, sslv3 on openssl -- Send unsolicite

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Benny Pedersen via mailop
Suresh Ramasubramanian via mailop wrote on 2024-05-21 15:18: Yeah Benny – if you’re running 16 year old code and certificates that you’re still on TLS v1 or 1.1, it is time to upgrade, asap. What you have is not much better or worse than sending it en clair anyway. tls is self adaptive, so no

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Benny Pedersen via mailop
Serhii via mailop wrote on 2024-05-21 14:59: https://datatracker.ietf.org/doc/rfc8996/ yet its still possible to enable sslv2, sslv3 on openssl :) i dont think openssl will remove support for any tls versions yet

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Suresh Ramasubramanian via mailop
https://datatracker.ietf.org/doc/rfc8996/ >This document formally deprecates Transport Layer Security (TLS) >versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those >documents have been moved to Histor

Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Serhii via mailop
https://datatracker.ietf.org/doc/rfc8996/ This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptograp

Re: [mailop] TLS inbound to comcast.net

2024-05-20 Thread Benny Pedersen via mailop
Brotman, Alex via mailop wrote on 2024-05-20 15:09: Hey folks, Over the next few weeks, we're going to be disabling TLSv1/v1.1 inbound to our platform. Most senders are already using TLSv1.2/v1.3, so I don't think this will be an issue. However, keep in mind that if you're not already usin

Re: [mailop] TLS inbound to comcast.net

2024-05-20 Thread Marco Moock via mailop
On 20.05.2024 at 13:09:25, Brotman, Alex via mailop wrote: > However, keep in mind that if you're not already using those newer > versions, you'll now revert to clear-text. This depends on the MTA's settings. With sendmail I experienced that the default is to try STARTTLS many times - even w

[mailop] TLS inbound to comcast.net

2024-05-20 Thread Brotman, Alex via mailop
Hey folks, Over the next few weeks, we're going to be disabling TLSv1/v1.1 inbound to our platform. Most senders are already using TLSv1.2/v1.3, so I don't think this will be an issue. However, keep in mind that if you're not already using those newer versions, you'll now revert to clear-text