On Tue, May 22, 2018, at 7:47 AM, Al Iverson wrote: > Are folks disabling TLS1.0 support in SMTP? Our security team has > asked, but I'm a bit concerned about potential failure cases when > trying to deliver mail to smaller corporate sites that might be doing > stuff like requiring TLS but supporting 1.0 only....is that really > much of a concern?
Admittedly a few years old (March 2016) but Yahoo shared some data about TLS versions they see: https://yahoo-security.tumblr.com/post/141495385400/measuring-smtp-starttls-deployment-quality Scrolling down to the TLS Session section, it seems at the time they still saw a large volume of TLS 1.0. I would guess that it hasn't changed enough that it is OK to blanket disable TLS 1.0 today. -Rohan _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop