Brandon Long wrote:
>
>
> On Fri, Jun 26, 2015 at 11:53 AM, Carl Byington <c...@five-ten-sg.com> wrote:
>
>     -----BEGIN PGP SIGNED MESSAGE-----
>     Hash: SHA1
>
>     On Thu, 2015-06-25 at 13:25 -0700, Brandon Long wrote:
>     > We haven't implemented it yet, though we expect to in the near
>     future.
>
>     Does this mean that google will then refuse to deliver mail to sites
>     that:
>
>     1) advertise starttls in response to ehlo, and
>     2) have a 512 bit DH key?
>
>     That seems to be implied by "we (google) stopped falling back to
>     unencrypted connections..."
>
>
> Yes, that's what I meant.  We already fail delivery if you advertise
> STARTTLS and we can't negotiate, either because you don't have a key
> installed or whatever, or if your SSL version isn't compatible with
> ours.  I.e., we recently started advertising for a TLS1.2 connection on
> outbound, which means some broken ssl3/tls1 clients won't be able to
> work with us anymore because they didn't correctly handle a TLS1.2 ask
> (even though it should be protocol compatible at that level).  I
> imagine at some point we'll give up on SSL3 as well (the percentage is
> already pretty tiny). 

And then you have those at the other end of the spectrum...

Jun 26 19:27:36 battlestar postfix/smtp[67576]: 8ABEDE0437:
to=<platf...@linkdatacenter.net>,
relay=empmx.linkdatacenter.net[196.205.5.10]:25, delay=180723,
delays=180712/0.24/5.7/5.2, dsn=4.0.0, status=deferred (host
empmx.linkdatacenter.net[196.205.5.10] said: 451 5.7.3 Must issue a
STARTTLS command first (in reply to MAIL FROM command))

(I haven't configured any sort of encryption in this server at all - I
don't think it's even linked to an SSL library)

... You know I'm going to get someone swearing/blogging/reporting at me
for 'not answering their support issue'

:/

Please tell me that any sane mail server will "ok you want un-encrypted,
no problem..." and "ok you want encrypted, ok well you have to be to
this standard, and no if you want to drop back, sorry you have to
restart the connection..."  (def 'sane': anyone one might want to
exchange data with)

-- 
Michelle Sullivan
http://www.mhix.org/


_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
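
The deferral in the log line quoted in the message above is the receiving host refusing MAIL FROM until STARTTLS has been issued. As an added example that is not part of the original message, the following scans Postfix smtp delivery records for that rejection so the affected relays and recipients can be listed; the sample lines, hostnames, addresses and function names are constructed for illustration.

```python
import re

# Postfix smtp delivery record; field layout follows the log line quoted in the thread.
RECORD = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r".*?relay=(?P<relay>[^,\s]+),.*?dsn=(?P<dsn>\d\.\d+\.\d+),"
    r" status=(?P<status>\w+) \((?P<detail>.*)\)\s*$"
)
# Remote reply demanding TLS before mail is accepted (wording as in the quoted log).
TLS_REQUIRED = re.compile(r"said: (?P<code>[45]\d\d)[ -].*must issue a STARTTLS", re.I)

# Constructed sample records (documentation hostnames and addresses).
SAMPLE = [
    "Jun 26 19:27:36 mx1 postfix/smtp[1001]: 1A2B3C4D5E: to=<user@example.net>, "
    "relay=mx.example.net[192.0.2.10]:25, delay=180723, delays=180712/0.24/5.7/5.2, "
    "dsn=4.0.0, status=deferred (host mx.example.net[192.0.2.10] said: 451 5.7.3 "
    "Must issue a STARTTLS command first (in reply to MAIL FROM command))",
    "Jun 26 19:28:02 mx1 postfix/smtp[1002]: 2B3C4D5E6F: to=<other@example.org>, "
    "relay=mail.example.org[198.51.100.7]:25, delay=1.2, delays=0.1/0.01/0.5/0.6, "
    "dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as ABC123)",
    "Jun 26 19:29:10 mx1 postfix/smtp[1003]: 3C4D5E6F70: to=<third@example.com>, "
    "relay=mx.example.com[203.0.113.5]:25, delay=30, delays=0.1/0.01/20/10, "
    "dsn=4.4.2, status=deferred (lost connection with mx.example.com[203.0.113.5] "
    "while sending RCPT TO)",
]

def classify(line):
    """Parse one delivery record; return None if the line is not one."""
    # Collapse whitespace so records re-wrapped by a mail client still parse.
    m = RECORD.search(" ".join(line.split()))
    if not m:
        return None
    rec = m.groupdict()
    hit = TLS_REQUIRED.search(rec["detail"])
    rec["tls_required"] = bool(hit)
    rec["reply_code"] = hit.group("code") if hit else None
    return rec

def relays_demanding_tls(lines):
    """Map relay -> recipients whose mail is stuck because no STARTTLS was sent."""
    stuck = {}
    for line in lines:
        rec = classify(line)
        if rec and rec["status"] in ("deferred", "bounced") and rec["tls_required"]:
            stuck.setdefault(rec["relay"], set()).add(rec["rcpt"])
    return stuck

if __name__ == "__main__":
    for relay, rcpts in relays_demanding_tls(SAMPLE).items():
        print(relay, sorted(rcpts))
```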