Re: [mailop] Ubuntu Noble/24.04 - TLS 1.0, 1.1 and DTLS 1.0 are forcefully disabled

Slavko via mailop Wed, 13 Mar 2024 08:45:36 -0700

Dňa 13. marca 2024 14:43:27 UTC používateľ Bill Cole via mailop 
<mailop@mailop.org> napísal:


>Every time I see this argument, I am struck by an important question:
>
>   What is "poor" or "weak" about TLSv1.0 and TLSv1.1 which is relevant
>   in the context of SMTP, other than their easily-disabled support for
>   weak ciphers?

Exactly that. When i disable CBC mode ciphers, i got empty cipher list for
both, the TLS1.0 and TLS1.1, from my GnuTLS:

     gnutls-cli -l --priority 
"NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:-AES-128-CBC:-AES-256-CBC"

It is empty even on ancient debian 10... AFAIK difference in result is
only error message (unsupported version vs. no common ciphers).

regards


-- 
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ubuntu Noble/24.04 - TLS 1.0, 1.1 and DTLS 1.0 are forcefully disabled

Reply via email to