Viktor Dukhovni via Exim-users <exim-users@exim.org> writes: > On Sat, Sep 18, 2021 at 09:45:28PM +0100, Andrew C Aitchison via > Exim-users wrote: > >> > Besides this: About 85% of the incoming traffic is still unencrypted >> > (for my statistics, mainly because some high volume mailing list >> > servers do not use TLS), about 10% uses TLS1.3, 5% still uses TLS1.2 >> > (I log TLS ciphers via +tls_cipher in Exim). >> >> It looks as though you do not allow TLSv1.1 - I suspect that a >> substantial faction of that 85% would use it if you allowed it. >> For email it is probably better to allow TLSv1.1 than reject it >> and end up receiving the message in plain. > > Make that TLS 1.0, almost nobody uses TLS 1.1, the sites that don't > support at least TLS 1.2 almost invariably only support TLS 1.0.
FWIW, I have used standard Debian exim (heavy, with GnuTLS) for my personal email server for a couple of years, and I don't recall any TLS-related problem. FWIW, it seems TLS1.2 and TLS 1.3 is in wide use, see statistics from the last couple of days on my server: root@uggla:~# zgrep ' <= ' /var/log/exim4/mainlog*|grep -v ' P=local '|grep X=TLS1.0|wc -l 3 root@uggla:~# zgrep ' <= ' /var/log/exim4/mainlog*|grep -v ' P=local '|grep X=TLS1.1|wc -l 1 root@uggla:~# zgrep ' <= ' /var/log/exim4/mainlog*|grep -v ' P=local '|grep X=TLS1.2|wc -l 640 root@uggla:~# zgrep ' <= ' /var/log/exim4/mainlog*|grep -v ' P=local '|grep X=TLS1.3|wc -l 657 root@uggla:~# zgrep ' <= ' /var/log/exim4/mainlog*|grep -v ' P=local '|grep -v X=TLS|wc -l 46 root@uggla:~# /Simon
signature.asc
Description: PGP signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/