Earlier this week, we at Twilio SendGrid were troubleshooting timeouts when attempting to connect to certain mail servers; specifically, we observed an increase in TLS handshake timeouts and saturation of unused TCP connections on our MTA servers.
In the course of investigation, we found that some mail servers are not compatible with the default TLS configuration in Golang standard library version 1.23. Full details have been compiled by another party (see: https://tldr.fail/) but the summary is that a new post-quantum secure cryptography TLS key exchange was introduced in this version which is incompatible with some mail servers that we are sending to, and was directly tied to the TLS handshake timeouts we were observing.

We compiled a list of recipient domains and associated MX servers where we were seeing the timeouts, but it's a very scattered list (e.g. small business, .edu, and .gov domains), so thought it might be worth sharing the summary and link to the above site here in case anyone might be impacted.

David Landers
Deliverability Operations Engineer
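Added example, not part of the original post and not SendGrid's code: a Go sketch that compares the size of the ClientHello produced by the default `tls.Config` with one whose `CurvePreferences` is set explicitly, which in Go 1.23 stops the post-quantum hybrid key share from being offered. The function names and the host name `mx.example.test` are hypothetical placeholders.

```go
package main

import (
	"crypto/tls"
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// classicalConfig returns a client config restricted to classical key
// exchanges. An explicit CurvePreferences list replaces Go's default list,
// so the post-quantum hybrid group is not offered.
func classicalConfig(serverName string) *tls.Config {
	return &tls.Config{
		ServerName:       serverName,
		MinVersion:       tls.VersionTLS12,
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256, tls.CurveP384},
	}
}

// clientHelloSize returns the byte length of the first TLS record (the
// ClientHello) that cfg produces, captured over an in-memory pipe so that
// no network traffic is generated.
func clientHelloSize(cfg *tls.Config) (int, error) {
	client, server := net.Pipe()
	defer server.Close()
	go func() {
		tls.Client(client, cfg).Handshake() // fails once the pipe is closed
		client.Close()
	}()
	hdr := make([]byte, 5) // record header: type(1), version(2), length(2)
	if _, err := io.ReadFull(server, hdr); err != nil {
		return 0, err
	}
	n := int(binary.BigEndian.Uint16(hdr[3:5]))
	if _, err := io.ReadFull(server, make([]byte, n)); err != nil {
		return 0, err
	}
	return 5 + n, nil
}

func main() {
	// mx.example.test is a constructed placeholder host name.
	def, _ := clientHelloSize(&tls.Config{ServerName: "mx.example.test"})
	cls, _ := clientHelloSize(classicalConfig("mx.example.test"))
	fmt.Printf("default ClientHello: %d bytes, classical-only: %d bytes\n", def, cls)
}
```

On a Go 1.23 toolchain the default figure is noticeably larger because of the hybrid key share; the Go 1.23 release notes also document `GODEBUG=tlskyber=0` as a process-wide way to revert the default.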
