On 03/08/2022 21:05, Jarland Donnell via mailop wrote:
> I don't understand why Firefox did this: 
> https://hacks.mozilla.org/2019/05/tls-1-0-and-1-1-removal-update/
> 
> Clients can clearly click the lock, check the details, and see which SSL 
> version they're using. So if the site says it's secure and it isn't, 
> that's on the client. So why is anyone doing this? You guys are replying 
> to me like I'm some insane outlier here by suggesting that there's merit 
> to a basic security practice of not allowing insecure ciphers/protocols, 
> and I'm sitting here staring at my screen saying "How can anyone call 
> themselves a professional and seriously argue against that?" Just cards 
> on the table here, that's the perspective on this side.

The problem here is the fallback to plaintext. Web browsers don't
fall back to plaintext without user intervention. There is no user to
intervene in email.

I support disabling TLS 1.0/1.1 but there is a trade-off to be made,
especially when the remote client may not even be verifying your
certificate despite using TLS 1.2.

The same issues arise with older ciphers and support for MD5/SHA1.

If there were a viable downgrade attack that could make a TLS 1.2 client
[that isn't providing a client certificate] use TLS 1.0/1.1, then that
would be a good reason for disabling TLS 1.0/1.1 support.

-- 
Simon Arlott
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
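The plaintext-fallback trade-off described in the message above, as an added simulation that is not part of this thread and not code from any MTA. The policy names ("may", "encrypt", "verify") are borrowed from Postfix's smtp_tls_security_level settings, but the decision logic is a simplified assumption written for illustration: an opportunistic sender whose best protocol version the receiver refuses retries in the clear, a stricter sender defers, and only a verifying sender ever checks the certificate.

```python
"""Simulation of opportunistic STARTTLS delivery decisions.

Hypothetical model written for this discussion; it is not code from any
real MTA.  Policy names follow Postfix's smtp_tls_security_level values
("may", "encrypt", "verify"), but the decision logic is a simplified
assumption, not Postfix's implementation.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Protocol versions in ascending order; the index is used for comparison only.
TLS_VERSIONS = ("TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3")


@dataclass(frozen=True)
class SendingMta:
    supported: Tuple[str, ...]   # versions the sending client can negotiate
    policy: str                  # "may" | "encrypt" | "verify"


@dataclass(frozen=True)
class ReceivingMta:
    minimum: str                 # lowest version the server still accepts


def negotiate(client: SendingMta, server: ReceivingMta) -> Optional[str]:
    """Highest client version the server accepts, or None if no overlap."""
    floor = TLS_VERSIONS.index(server.minimum)
    usable = [v for v in client.supported if TLS_VERSIONS.index(v) >= floor]
    return max(usable, key=TLS_VERSIONS.index) if usable else None


def deliver(client: SendingMta, server: ReceivingMta) -> dict:
    """Decide how the message leaves the sending MTA.

    Returns {"transport": ..., "version": ..., "cert_verified": ...} where
    transport is "tls", "plaintext" or "deferred".
    """
    version = negotiate(client, server)
    if version is None:
        # STARTTLS handshake fails.  Under "may" the sender silently retries
        # in the clear (there is no user to intervene); stricter policies
        # queue the mail instead of downgrading.
        if client.policy == "may":
            return {"transport": "plaintext", "version": None, "cert_verified": False}
        return {"transport": "deferred", "version": None, "cert_verified": False}
    # Handshake succeeded.  Only the "verify" policy checks the certificate;
    # "may" and "encrypt" accept any certificate, so a TLS 1.2 session alone
    # says nothing about whether the peer was authenticated.
    return {"transport": "tls", "version": version,
            "cert_verified": client.policy == "verify"}


def trade_off_table() -> dict:
    """Outcomes for a legacy TLS 1.0/1.1-only sender and a modern sender
    against a receiver that still accepts TLS 1.0 and one that requires 1.2.
    All four senders and both receivers are constructed sample inputs."""
    legacy = SendingMta(("TLSv1.0", "TLSv1.1"), "may")
    legacy_strict = SendingMta(("TLSv1.0", "TLSv1.1"), "encrypt")
    modern = SendingMta(TLS_VERSIONS, "may")
    modern_verify = SendingMta(TLS_VERSIONS, "verify")
    permissive = ReceivingMta("TLSv1.0")
    strict = ReceivingMta("TLSv1.2")
    return {
        "legacy->permissive": deliver(legacy, permissive),
        "legacy->strict": deliver(legacy, strict),
        "legacy_encrypt->strict": deliver(legacy_strict, strict),
        "modern->strict": deliver(modern, strict),
        "modern_verify->strict": deliver(modern_verify, strict),
    }


if __name__ == "__main__":
    for name, result in trade_off_table().items():
        print(f"{name:24s} {result}")
```

Running the table shows the two points the thread turns on: raising the receiver's floor to TLS 1.2 turns the legacy "may" sender's encrypted-but-unverified delivery into plaintext delivery rather than a refusal, and the modern "may" sender reaches TLS 1.3 with cert_verified still False, so the protocol version alone is no evidence the peer checked the certificate.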
