Should TLS 1.0 be acceptable? I don't claim to be a crypto geek.
Curiously the ISM standards make TLS 1.2 only advisory: - Control: 1447; Revision: 0; Updated: Apr-15; Applicability: UD, P, C, S, TS; Compliance: must; Authority: AA - Agencies *must use TLS*. - - Control: 1139; Revision: 3; Updated: Apr-15; Applicability: UD, P, C, S, TS; Compliance: should; Authority: AA - Agencies *should use the latest version of TLS* Kind regards Paul Wilkins On 24 July 2018 at 11:10, Scott Howard <sc...@doc.net.au> wrote: > On Mon, Jul 23, 2018 at 6:00 PM, Noel Butler <noel.but...@ausics.net> > wrote: >> >> You are the one choosing to use cpanel/plesk, lazy webhost solutions that >> puts all your customers eggs in the one single basket (though I heard plesk >> may soon be changing that), sorry, but that is not TPG's fault your chosen >> hosting software lives in the 90s. >> > > Perhaps not, but it IS TPG's fault that their mail server is only > supporting encryption algorithms that live in the 90's... > > Irrespective of the PCI argument or not, TPG supporting TLS 1.0 but not > higher in 2018 simply shouldn't be seen as acceptable. > > Scott > > > _______________________________________________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog > >
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog