Hi

>>That's not correct no, I get plenty of TLS 1.0 trafic and it has been
>>the case for many years
>
>To parrot this on all of my various instances OpenSMTPD and not I get tons
>of TLS 1.0 and SSLv3 traffic, I wish I didn't but it still happens. Heck
>every now and again I see SSLv2 attempts which for most of my instances get
>killed. I haven't seen one on my OpenSMTPD instance yet but its only time.
>But seriously for email any transport encryption is better than none and
>OpenSMTPD's default should be the best way to handle opportunistic TLS
>where you always try to use the highest protocol version supported with the
>best ciphers supported, and there shouldnt need to be a knob for it.

Whilst I agree with what you are saying for general purpose mail
servers, I can see applications where enforced encryption levels are
worth having.  I can see that some company gateways, where they know
all of the other endpoints, might wish to enforce appropriate
encryption as everybody who should be talking to that MTA should be
capable of it and anything else is therefore spam or hacking.  This is
particularly plausible on any link where TLS or SSL is already
mandatory.

Regards

JC

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to