>Hi Ken,
>
>> I'm still surprised that in 2017 the main SMTP server for a large
>> university would support TLS 1.0 as the _highest_ protocol.
>
>Agreed.
>
>> I can understand supporting TLS 1.0 in addition to TLS 1.1 and 1.2 to
>> handle support for older clients, but NOT supporting TLS 1.1 or 1.2
>> seems crazy to me. That almost seems like a misconfiguration to me.
>
>Yes. Or some old Postfix with TLS patches that they're stuck on for
>some reason.

I think they are running an Exchange server.

>> I welcome other thoughts on this topic.
>
>It would be worth Johan poking them a bit to find out the reason.
>Presumably, most of their SMTP peers don't mind sticking at TLS 1.0
>otherwise they'd find a big "Gmail" can't send to them, for example, but
>that will be the case one day so they could do with raising what they
>accept before then.
>
>Johan, in case you don't know, you can use s_client(1) to talk SMTP and
>upgrade the plain-text connection with the STARTTLS command as a test
>and to show the problem to uu.se.
>
>    openssl s_client -connect smtp.uu.se:587 -starttls smtp -tls1
>
>You're left at a non-transparent connection, so best to type `quit'. To
>try the higher versions, append `_1', or `_2' to the end of the -tls1
>option.

Thanks. I've sent a polite question to our postmaster. Luckily I'm using
an email-client where it is easy to switch what postproc to use.

-- 
Johan Viklund
Systems Developer, NBIS
073-9638928

_______________________________________________
Nmh-workers mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/nmh-workers
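
Added example, not part of the thread: the s_client test described in the quoted message, repeated for -tls1, -tls1_1 and -tls1_2 with the result of each handshake summarised. The function names and the sample transcript are constructed for illustration; the host is whatever HOST:PORT you pass in.

```shell
#!/bin/sh
# Added example (not from the thread): see which TLS versions an SMTP
# server accepts after STARTTLS, using the s_client options quoted above.

# Map a version label to the s_client option: -tls1, -tls1_1, -tls1_2.
tls_flag() {
    case "$1" in
        1.0) echo "-tls1" ;;
        1.1) echo "-tls1_1" ;;
        1.2) echo "-tls1_2" ;;
        *)   return 1 ;;
    esac
}

# Read s_client output on stdin. A failed handshake still prints an
# SSL-Session block with a Protocol line, so the "Cipher is (NONE)"
# summary line is what separates failure from success.
classify() {
    awk '
        /Cipher is \(NONE\)/      { none = 1 }
        /^ *Protocol *: *TLSv/    { proto = $NF }
        END {
            if (proto != "" && !none) print "accepted " proto
            else print "refused"
        }'
}

# probe HOST:PORT VERSION -> "accepted TLSv1.x" or "refused"
probe() {
    flag=$(tls_flag "$2") || { echo "unknown version: $2" >&2; return 2; }
    # Sending quit closes the SMTP session so s_client returns.
    printf 'quit\r\n' |
        openssl s_client -connect "$1" -starttls smtp "$flag" 2>&1 | classify
}

if [ $# -ge 1 ]; then
    # Usage: sh probe.sh HOST:PORT   (contacts the server)
    for v in 1.0 1.1 1.2; do
        printf 'TLS %s: %s\n' "$v" "$(probe "$1" "$v")"
    done
else
    # No argument: classify a constructed transcript, offline.
    printf 'New, (NONE), Cipher is (NONE)\n    Protocol  : TLSv1.2\n' | classify
fi
```

A "refused" result can also mean the local openssl build has that protocol version disabled, so confirm the client supports the version before attributing the failure to the server.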
