On 8/4/22 1:10 PM, L. Mark Stone via mailop wrote:
Like others who have commented, we believe weak encryption is worse than no encryption, so we have disabled TLSv1 and TLSv1.1 everywhere in our email systems, allowing only TLSv1.2 and TLSv1.3.
I do not understand why people think / believe this.The closest thing that I've seen in this thread is related to a false sense of security with weak encryption and / or additional attack surface in supporting weak encryption.
Saying "we have disabled" tends to imply that the code / attack surface is still there. Which leaves the perception.
I'm genuinely trying to understand why people think / believe this.This seems to me like you are saying "if you can't meet our encryption standards, then you don't get to use any encryption at all".
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
