Brandon Long wrote:
On Tue, Jun 30, 2015 at 8:12 AM, Hugo Slabbert hslabb...@stargate.ca
mailto:hslabb...@stargate.ca wrote:
On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan
miche...@sorbs.net mailto:miche...@sorbs.net wrote:
That said, so far today, only 0.015% of
Hugo Slabbert wrote:
On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan
miche...@sorbs.net wrote:
That said, so far today, only 0.015% of our outbound messages that
were over an encrypted link were using SSLv3. At our volume, that's
not nothing, unfortunately, but it's a pretty small
On Tue 2015-Jun-30 01:04:48 +0200, Michelle Sullivan miche...@sorbs.net
wrote:
That said, so far today, only 0.015% of our outbound messages that
were over an encrypted link were using SSLv3. At our volume, that's
not nothing, unfortunately, but it's a pretty small amount to allow to
On Mon, Jun 29, 2015 at 1:48 PM, Michelle Sullivan miche...@sorbs.net
wrote:
Brandon Long wrote:
On Fri, Jun 26, 2015 at 7:03 PM, Michelle Sullivan miche...@sorbs.net
mailto:miche...@sorbs.net wrote:
Sure SMTP can have the lowest common denominator, but I thought the
Brandon Long wrote:
On Mon, Jun 29, 2015 at 1:48 PM, Michelle Sullivan miche...@sorbs.net
mailto:miche...@sorbs.net wrote:
Thoughts/comments welcome.
Sure, there's a bit of political or privacy argument involved here,
that some people think why does this need to be encrypted. There
29. Jun 2015 23:04 by miche...@sorbs.net:
Brandon Long wrote:
Inbound is 0.1% at SSLv3, 37% at TLSv1.
So +60% is unencrypted inbound... because it has to be or because it is
not forced otherwise... that is the burning question. You policy
Encrypted or nothing and it'll be interesting how
I've considered an opposite DANE, where a server can know whether to refuse
an unencrypted connection. One could imagine an extension to spf for
example saying that only encrypted connections from these ips are to be
considered authed, or just abusing spf as for encryption required as well.
Spf
27. Jun 2015 02:03 by miche...@sorbs.net:
2/ You want to ensure credentials for SMTP-AUTH are not compromised you
SSL3/TLS/TLSv1.2,DH=4096 the connection
No SSLv3, please! http://disablessl3.com
___
mailop mailing list
mailop@mailop.org
On Fri, Jun 26, 2015 at 11:53 AM, Carl Byington c...@five-ten-sg.com
wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2015-06-25 at 13:25 -0700, Brandon Long wrote:
We haven't implemented it yet, though we expect to in the near future.
Does this mean that google will then
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2015-06-25 at 00:09 +0100, Brandon Long wrote:
Not in front of a computer to check if we see failures like this, but
we (google) stopped falling back to unencrypted connections 2y ago.
This had an impact on a small number of misconfigured
On Sat, Jun 20, 2015 at 11:33:00AM -0500, Frank Bulk wrote:
http://www.circleid.com/posts/20150620_logjam_openssl_and_email_deliverabili
ty/
FYI, just a heads up.
OpenSSL now rejects handshakes using DH parameters shorter than 768 bits
as a countermeasure against the Logjam attack
On 2015-06-23 at 16:35 +0200, Johann Klasek wrote:
On Sat, Jun 20, 2015 at 11:33:00AM -0500, Frank Bulk wrote:
http://www.circleid.com/posts/20150620_logjam_openssl_and_email_deliverabili
ty/
FYI, just a heads up.
OpenSSL now rejects handshakes using DH parameters shorter than 768
http://www.circleid.com/posts/20150620_logjam_openssl_and_email_deliverabili
ty/
FYI, just a heads up.
Frank
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
13 matches
Mail list logo