Pardon my ignorance, what is the major risk of leaving TLS 1.0 enabled... I think leaving an encryption method enabled once higher-grade encryption methods are chosen if both parties support them is a more sensible
Besides, do we want to have a mail system that is so secure that a large portion of legacy systems can't negotiate security and therefore can't send mail to our servers... I think options / enforced-by-default options like this could seriously hurt adoption of OpenSMTPD
