Dňa 13. marca 2024 14:43:27 UTC používateľ Bill Cole via mailop
<[email protected]> napísal:
>Every time I see this argument, I am struck by an important question:
>
> What is "poor" or "weak" about TLSv1.0 and TLSv1.1 which is relevant
> in the context of SMTP, other than their easily-disabled support for
> weak ciphers?
Exactly that. When i disable CBC mode ciphers, i got empty cipher list for
both, the TLS1.0 and TLS1.1, from my GnuTLS:
gnutls-cli -l --priority
"NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-TLS1.1:-AES-128-CBC:-AES-256-CBC"
It is empty even on ancient debian 10... AFAIK difference in result is
only error message (unsupported version vs. no common ciphers).
regards
--
Slavko
https://www.slavino.sk/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
