On 13/03/2024 16:43, Bill Cole via mailop wrote:
What is "poor" or "weak" about TLSv1.0 and TLSv1.1 which is relevant
in the context of SMTP, other than their easily-disabled support for
weak ciphers?
If you disable all the weak ciphers and key exchanges you're not left with a significant amount of backwards compatibility. Clients that support the better subset will most likely also speak newer versions of TLS. That's not to say there aren't any exceptions at all, but in general.
The usefulness of older TLS versions is fading quickly, especially compared to the risk of dangerous implementation flaws.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
