Copying my comment on this ticket[1] to the list for discussion
---

I would like to re-open discussion on this issue for a different use case: In light of more vulnerabilities discovered in the TLSv1.0 protocol since Dec 2013, I no longer feel it provides acceptable security and would like a configuration option to disable support for it. Going even further, I would also like to be able to disable TLSv1.1, and force all incoming connections to use TLSv1.2.

Seeing as how this does not downgrade security, but rather upgrades it, I think it merits consideration.

Syntax could be something like Dovecot's 10-ssl.conf option:

tls_protocols = !TLSv1 !TLSv1.1

Also, let's purge all references to the Netscape product from 1996...'ssl' and replace them with the IETF standard name, 'tls'.

---

[1] https://github.com/OpenSMTPD/OpenSMTPD/issues/359

--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
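
An added illustration, not part of the message above and not OpenSMTPD code: how an exclusion list in the suggested `tls_protocols` style could be turned into a minimum and maximum protocol version, here with Python's `ssl` module as a stand-in for the server's TLS library. The function names are hypothetical. A minimum/maximum pair can only express a contiguous range, so a list that leaves a hole (for example `!TLSv1.1` alone) is rejected.

```python
import ssl

# Protocol names in ascending order, as written in the suggested option value.
KNOWN = [
    ("TLSv1", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]


def allowed_range(spec):
    """Map an exclusion list such as '!TLSv1 !TLSv1.1' to (minimum, maximum)."""
    names = [name for name, _ in KNOWN]
    excluded = set()
    for token in spec.split():
        if not token.startswith("!"):
            raise ValueError(f"expected '!PROTOCOL', got {token!r}")
        if token[1:] not in names:
            raise ValueError(f"unknown protocol {token[1:]!r}")
        excluded.add(token[1:])

    kept = [i for i, (name, _) in enumerate(KNOWN) if name not in excluded]
    if not kept:
        raise ValueError("every protocol version is disabled")
    # Reject e.g. '!TLSv1.1': TLSv1 and TLSv1.2 would stay enabled with a gap.
    if kept != list(range(kept[0], kept[-1] + 1)):
        raise ValueError("remaining versions are not a contiguous range")
    return KNOWN[kept[0]][1], KNOWN[kept[-1]][1]


def server_context(spec):
    """Build a server-side context that only negotiates the remaining versions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version, ctx.maximum_version = allowed_range(spec)
    return ctx


if __name__ == "__main__":
    ctx = server_context("!TLSv1 !TLSv1.1")  # the value suggested in the message
    print(ctx.minimum_version.name, ctx.maximum_version.name)
```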
