Apple, Google, Microsoft, and Mozilla have all announced that they will be deprecating TLS 1.0 and 1.1 in March 2020, in their web browsers. Similarly, SSL Labs has announced that they will be downgrading web server scores to a maximum of B, starting in January 2020, if that webserver supports TLS 1.0/1.1.
Now, I know that what is good for web servers/browsers, isn't necessarily the same for SMTP servers. For example, I've learned from this mailing list that public facing MTAs should not require super-strong ciphers because that may force another MTA to use unencrypted communication: http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=print_post&node=88919 http://postfix.1071664.n5.nabble.com/template/NamlServlet.jtp?macro=print_post&node=80355 How does the recommendation that we not REQUIRE super-strong ciphers relate to the issue of TLS protocols? Should we continue to allow TLS 1.0/1.1 for the same reason that we should allow weak ciphers? Thanks! Bryan
