On 2025/05/26 11:43 PM, Andrew C Aitchison via Exim-users wrote:
Unless you are willing and able to close the connection if/when
TLS fails, there is little benefit in disabling TLS <= 1.1
Server side:
- in MAIL ACL, deny condition = ${if !def:tls_in_cipher}.
Maybe even drop.
- in authenticators, the usual for methods you don't want
on plaintext conns (eg: PLAIN and LOGIN)
Client side:
- in transport, hosts_require_tls = *
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
