On Wed, 2024-03-13 at 15:54 +0100, Marco Moock via mailop wrote: > Although, older SSL/TLS versions have some weaknesses and when they are > not offered, they can't be used, not even for downgrading attacks. Many > clients support an option to enforce TLS/STARTTLS. That will fail in > such a situation.
Are there any scenarios where you can downgrade the protocol but not steal the entire message due to the server's identity being unverified? _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop