On Sun, 19 May 2019, Viktor Dukhovni via Exim-users wrote:

> Since LOGJAM and DROWN, the SMTP MTA "ecosystem" has moved on
> from "export" ciphers and SSL2/SSL3.  You can now without loss
> of interoperability expect at least 128-bit ciphers and TLS 1.0.
> Which are adequate for SMTP, and better than cleartext.  I am
> not aware of any cross-protocol attacks against TLS 1.2 via
> servers that use the same certificate with TLS 1.0/1.1.  And
> you really don't have to and shouldn't use the same certificate
> across multiple unrelated services.

Executive summary:
Although it is not immediately obvious, "multiple unrelated services"
describes "email" *on its own*.

When DROWN happened, it took me a long time to figure out why I was
uncomfortable with the advice that it was not essential to drop SSL for
SMTP. Eventually I figured out that the experts were assuming that
{smtp,imap,pop,webmail}.example.org would be used, whereas a small
setup with a single server for SMTP and webmail might use mail.example.org
for both.

I am yet to be convinced that it is unnecessary to spell out that
sharing a hostname for different *email* services has security
implications.

--
Andrew C. Aitchison                                     Cambridge, UK
                        [email protected]
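The practical check behind this point is whether one hostname hands the same certificate (and so, in the usual single-cert setup, the same RSA key) to several services: SMTP, submission, IMAP, POP3 and the webmail HTTPS front end. The script below is an added example, not code from the thread or from Exim. It surveys the services on a host with the standard-library STARTTLS clients, fingerprints each certificate and reports which services share one. The port table, the host name on the command line and the SAMPLE_FINGERPRINTS data are constructed for illustration.

```python
"""Survey which mail-related services on one host present the same TLS
certificate.  Added example for this thread; host names, the port table and
SAMPLE_FINGERPRINTS are constructed, not taken from the thread."""
import hashlib
import imaplib
import poplib
import smtplib
import socket
import ssl
import sys
from collections import defaultdict

# Assumed, conventional ports for the services the thread talks about.
SERVICE_PORTS = {"smtp": 25, "submission": 587, "imap": 143,
                 "pop3": 110, "https": 443}

# Constructed fingerprints standing in for a survey of mail.example.org
# where one certificate file serves SMTP, submission, IMAP and webmail.
SAMPLE_FINGERPRINTS = {
    "smtp": "3f2a" * 16,
    "submission": "3f2a" * 16,
    "imap": "3f2a" * 16,
    "pop3": "9c41" * 16,
    "https": "3f2a" * 16,
}


def _survey_context() -> ssl.SSLContext:
    # We want whatever certificate the server presents, so do not reject
    # self-signed or mismatched certificates during the survey.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def fetch_certificate(host: str, service: str, timeout: float = 10.0) -> bytes:
    """Return the DER certificate `service` presents on `host`.

    SMTP, IMAP and POP3 upgrade with STARTTLS after the plaintext greeting;
    HTTPS is implicit TLS on connect."""
    ctx = _survey_context()
    port = SERVICE_PORTS[service]
    if service in ("smtp", "submission"):
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.getpeercert(binary_form=True)
    if service == "imap":
        imap = imaplib.IMAP4(host, port, timeout=timeout)
        imap.starttls(ssl_context=ctx)
        der = imap.sock.getpeercert(binary_form=True)
        imap.logout()
        return der
    if service == "pop3":
        pop = poplib.POP3(host, port, timeout=timeout)
        pop.stls(context=ctx)
        der = pop.sock.getpeercert(binary_form=True)
        pop.quit()
        return der
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, as a hex string."""
    return hashlib.sha256(der).hexdigest()


def group_by_certificate(fingerprints: dict) -> dict:
    """Map each fingerprint to the sorted list of services presenting it."""
    groups = defaultdict(list)
    for service, fp in fingerprints.items():
        groups[fp].append(service)
    return {fp: sorted(services) for fp, services in groups.items()}


def shared_certificate_groups(fingerprints: dict) -> list:
    """Sets of two or more services that present the same certificate."""
    return sorted(services for services in group_by_certificate(fingerprints).values()
                  if len(services) > 1)


def survey(host: str, services=tuple(SERVICE_PORTS)) -> dict:
    """Fingerprint every reachable service; unreachable ones are skipped."""
    fingerprints = {}
    for service in services:
        try:
            fingerprints[service] = fingerprint(fetch_certificate(host, service))
        except (OSError, ssl.SSLError, smtplib.SMTPException,
                imaplib.IMAP4.error, poplib.error_proto) as exc:
            print(f"{service}: no certificate obtained ({exc})")
    return fingerprints


if __name__ == "__main__":
    # With a host argument the survey is live; without one the constructed
    # sample data is used so the script also runs offline.
    results = survey(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FINGERPRINTS
    for fp, services in group_by_certificate(results).items():
        print(f"{fp[:16]}...  {', '.join(services)}")
    for group in shared_certificate_groups(results):
        print("shared certificate:", ", ".join(group))
```

Two caveats when reading the output. Different certificates do not prove different keys: DROWN needs only the RSA key to be shared, so where certificates are issued separately, compare the SubjectPublicKeyInfo rather than the whole certificate. And the script says nothing about which service still accepts SSLv2; it only shows which services would be exposed together if one of them does.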

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
