Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-25 Thread Tim Bray
On 22/05/18 15:47, Al Iverson wrote:
> Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-25 Thread Renaud Allard via mailop
On 05/22/2018 04:47 PM, Al Iverson wrote: Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Phil Pennock
On 2018-05-22 at 14:58 -0400, Eric Tykwinski wrote:
> MTA-STS will probably hit more on the valid certificate deal, but it's on the mta-sts record to get the policy.
> DANE just says this certificate is good, could be expired, self-signed, et al as long as it passes the hash.

DANE has two

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Bill Cole
On 22 May 2018, at 12:24, Andrew C Aitchison wrote: Also, does the MTA check the name in the certificate? Not generally. I understand that not all do (or didn't until recently) None do so with significant consequences for failure, unless they really want their mail to break on a regular

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Bill Cole
On 22 May 2018, at 11:12, Steve Atkins wrote: On May 22, 2018, at 7:47 AM, Al Iverson wrote: Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Andrew C Aitchison
On Tue, 22 May 2018, Al Iverson wrote: Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0 only -- is

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Paul Smith
On 22/05/2018 15:47, Al Iverson wrote: Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0 only -- is

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread ml+mailop
On Tue, May 22, 2018, Steve Atkins wrote:
> If you're connecting to an MX that only supports TLS 1.0 and you've configured your smarthost to not support TLS 1.0 for opportunistic encryption then it's going to fall back to not using any sort of encryption and sending as plaintext.

That

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Ken O'Driscoll via mailop
On Tue, 2018-05-22 at 10:47 -0400, Al Iverson wrote:
> Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but

Re: [mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Steve Atkins
> On May 22, 2018, at 7:47 AM, Al Iverson wrote:
>
> Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff

[mailop] Disabling TLS1.0 for SMTP

2018-05-22 Thread Al Iverson
Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0 only -- is that really much of a concern? Cheers,