On 05/22/2018 04:47 PM, Al Iverson wrote:
Are folks disabling TLS1.0 support in SMTP? Our security team has asked, but I'm a bit concerned about potential failure cases when trying to deliver mail to smaller corporate sites that might be doing stuff like requiring TLS but supporting 1.0 only....is that really much of a concern? Cheers, Al Iverson
Have you disabled cleartext SMTP and only allow TLS SMTP? If you still have cleartext SMTP enabled, there is no point in disabling TLS1.0 (except flaws that could reveal your keys).
Of course, for submission, disabling TLS1.0 might be interesting, all recent devices (2 years old or less) support TLS1.2. And many older ones also support it. But it all depends on where your market is.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop