On 22/05/18 15:47, Al Iverson wrote:
> Are folks disabling TLS1.0 support in SMTP? Our security team has
> asked, but I'm a bit concerned about potential failure cases when
> trying to deliver mail to smaller corporate sites that might be doing
> stuff like requiring TLS but supporting 1.0
On 05/22/2018 04:47 PM, Al Iverson wrote:
Are folks disabling TLS1.0 support in SMTP? Our security team has
asked, but I'm a bit concerned about potential failure cases when
trying to deliver mail to smaller corporate sites that might be doing
stuff like requiring TLS but supporting 1.0
On 2018-05-22 at 14:58 -0400, Eric Tykwinski wrote:
> MTA-STS will probably hit more on the valid certificate deal, but it's on the
> mta-sts record to get the policy.
> DANE just says this certificate is good, could be expired, self-signed, et al
> as long as it passes the hash.
DANE has two
On 22 May 2018, at 12:24, Andrew C Aitchison wrote:
Also, does the MTA check the name in the certificate ?
Not generally.
I understand that not all do (or didn't until recently)
None do so with significant consequences for failure, unless they really
want their mail to break on a regular
On 22 May 2018, at 11:12, Steve Atkins wrote:
On May 22, 2018, at 7:47 AM, Al Iverson
wrote:
Are folks disabling TLS1.0 support in SMTP? Our security team has
asked, but I'm a bit concerned about potential failure cases when
trying to deliver mail to smaller
On Tue, 22 May 2018, Al Iverson wrote:
Are folks disabling TLS1.0 support in SMTP? Our security team has
asked, but I'm a bit concerned about potential failure cases when
trying to deliver mail to smaller corporate sites that might be doing
stuff like requiring TLS but supporting 1.0 onlyis
On 22/05/2018 15:47, Al Iverson wrote:
Are folks disabling TLS1.0 support in SMTP? Our security team has
asked, but I'm a bit concerned about potential failure cases when
trying to deliver mail to smaller corporate sites that might be doing
stuff like requiring TLS but supporting 1.0 onlyis
On Tue, May 22, 2018, Steve Atkins wrote:
> If you're connecting to an MX that only supports TLS 1.0 and you've
> configured your smarthost to not support TLS 1.0 for opportunistic
> encryption then it's going to fall back to not using any sort of encryption
> and sending as plaintext.
That
On Tue, 2018-05-22 at 10:47 -0400, Al Iverson wrote:
> Are folks disabling TLS1.0 support in SMTP? Our security team has
> asked, but I'm a bit concerned about potential failure cases when
> trying to deliver mail to smaller corporate sites that might be doing
> stuff like requiring TLS but
> On May 22, 2018, at 7:47 AM, Al Iverson wrote:
>
> Are folks disabling TLS1.0 support in SMTP? Our security team has
> asked, but I'm a bit concerned about potential failure cases when
> trying to deliver mail to smaller corporate sites that might be doing
> stuff
Are folks disabling TLS1.0 support in SMTP? Our security team has
asked, but I'm a bit concerned about potential failure cases when
trying to deliver mail to smaller corporate sites that might be doing
stuff like requiring TLS but supporting 1.0 onlyis that really
much of a concern?
Cheers,
11 matches
Mail list logo