On Mon, 26 May 2025, Slavko via Exim-users wrote:
> I still do not understand one thing: why is as much effort invested
> to advocate old (deprecated) versions of TLS. I understand that
> deprecated doesn't mean disallowed; I understand it as "avoid if
> possible". And when one decides that it is possible (or acceptable)
> to avoid it, where is the problem? Theoretical interoperability with
> old SW? Or do the reasons come from the bad side of Power?
> I have some old scanners in job not able to do modern TLS (even
> one not able to do TLS at all); I keep a dedicated MTA for them and I do not
> expect that the whole world has to support old things.
The problem is that if TLS negotiation fails, most SMTP transactions
will just happen anyway, but with no encryption at all.
Unless you are willing and able to close the connection if/when
TLS fails, there is little benefit in disabling TLS <= 1.1
I am typing this on my phone, so will try to dig out the exim
config for this some time tomorrow. However I don't recommend
doing this without analyzing your traffic first.
--
Andrew C. Aitchison Kendal, UK
[email protected]
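The fail-closed setup Andrew describes, written out as an added Exim configuration example (not Andrew's config and not from the Exim project); the certificate paths are placeholders and the `*` host lists are assumptions you would narrow after reviewing your own traffic:

```exim
# Main section: advertise STARTTLS, accept only TLS 1.2+ (OpenSSL build),
# and log the negotiated cipher so cleartext sessions stand out in the
# mainlog (a line with no TLS= field) before you start rejecting them.
tls_advertise_hosts = *
tls_certificate     = /etc/exim/tls/cert.pem   # placeholder path
tls_privatekey      = /etc/exim/tls/key.pem    # placeholder path
openssl_options     = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
log_selector        = +tls_cipher +tls_peerdn

acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:
  # STARTTLS is opportunistic by default: a client whose handshake failed
  # (or that never issued STARTTLS) simply continues in cleartext.
  # This rule closes that gap by refusing MAIL FROM on unencrypted sessions.
  deny  !encrypted  = *
        message     = TLS is required on this server
        log_message = cleartext session from $sender_host_address rejected
  accept

begin transports

# Outbound side of the same policy: if TLS cannot be negotiated with a
# listed peer, Exim defers the message instead of sending it in cleartext.
# "*" here will stall mail to any plaintext-only remote site, so restrict
# the list to hosts you have confirmed support TLS.
remote_smtp:
  driver            = smtp
  hosts_require_tls = *          # assumption: replace with a vetted host list
```

Run with only the `log_selector` line first and grep the mainlog for sessions lacking `X=` (the TLS cipher field) to see which clients would be cut off before enabling the `deny`.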
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/