On Mon, Nov 24, 2025 at 01:25:04 +1100, Viktor Dukhovni via Postfix-users wrote:
> Any particular ones?
A recent example:
Received: from hzmtaed02.ms.com (hzmtaed02.ms.com [199.89.94.47])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
Date: Wed, 5 Nov 2025 00:50:33 -0500 (EST)
From: Morgan Stanley <[email protected]>
> and you have "tls_preempt_cipherlist = yes"? And both RSA and ECDSA
> certs, but the banks don't offer RSA signature algorithms and/or TLS
> 1.2 ciphersuites?
Indeed
> > No, unfortunately, RSA-only clients won't fail to communicate with
> > ECDSA-only servers; they will just fall back to clear text. :-(
>
> Well, it may be time to stop pretending they're not the problem, let
> them suffer.
They won't "suffer", they most likely won't even notice (unless we stop
accepting clear text SMTP, which I hope we will eventually).
Geert
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
