On Thu, Jan 12, 2017 at 09:00:20PM +0000, Dominic Raferd wrote:
> Just for amusement (it's been a long day) I had a look at the selected
> encryption for incoming mails on one of our servers over the last few
> months. One cipher and one protocol predominate
> [ECDHE-RSA-AES128-GCM-SHA256 (128/128_bits) TLSv1.2] but quite a range
> of others are used too. I would prefer to disable TLSv1(.0) because it
> does not pass PCI DSS v3.2 but evidently that is not workable at the
> moment:

Can you explain how PCI DSS applies to mail?  Especially for a public MX,
which can't use mandatory encryption?

Do you really send payment data via mail?


