On 12 Oct 2018, at 21:02, pg...@dev-mail.net wrote:

Same question remains, and I suspect with a similar answer, re: TLSv1.

There's no reason for negotiating a TLSv1.0 session with a partner capable of doing better other than being lazy, cheap, and/or generally careless.

There are much better reasons to accept TLSv1.0 sessions from partners incapable of doing anything better. If you are not willing to refuse attempts to pass mail unencrypted and lose mail as a result, TLSv1.0 may be your only option to get mail from some senders. TLSv1.0 with decent ciphers is unequivocally better than cleartext transport, and most people do not have email worth the effort of cracking TLSv1.0 to anyone capable of doing so.

So, while FinCo definitely should be doing better, you probably wouldn't be doing anyone a service by refusing to accommodate their incompetence.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steadier Work: https://linkedin.com/in/billcole
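
A way to measure the trade-off discussed in the message above, added here as an example and not part of the original message: before raising the minimum TLS version, list which senders have only ever negotiated something older. It assumes Postfix-style `smtpd` log lines (the thread does not name the MTA); the sample log, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Postfix smtpd logging (assumed format);
# host names and addresses are documentation values, not real senders.
SAMPLE_LOG = """\
Oct 12 21:00:01 mx postfix/smtpd[101]: connect from mail.finco.example[192.0.2.10]
Oct 12 21:00:01 mx postfix/smtpd[101]: Anonymous TLS connection established from mail.finco.example[192.0.2.10]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 12 21:00:02 mx postfix/smtpd[101]: disconnect from mail.finco.example[192.0.2.10]
Oct 12 21:01:10 mx postfix/smtpd[102]: connect from mx.modern.example[198.51.100.7]
Oct 12 21:01:10 mx postfix/smtpd[102]: Anonymous TLS connection established from mx.modern.example[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 12 21:01:11 mx postfix/smtpd[102]: disconnect from mx.modern.example[198.51.100.7]
Oct 12 21:02:30 mx postfix/smtpd[103]: connect from relay.legacy.example[203.0.113.5]
Oct 12 21:02:31 mx postfix/smtpd[103]: disconnect from relay.legacy.example[203.0.113.5]
"""

RANK = {"cleartext": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.1": 3, "TLSv1.2": 4, "TLSv1.3": 5}
CONNECT = re.compile(r"smtpd\[(\d+)\]: connect from (\S+?)\[")
TLS = re.compile(r"smtpd\[(\d+)\]: \w+ TLS connection established from \S+: (\S+) with cipher")
DISCONNECT = re.compile(r"smtpd\[(\d+)\]: disconnect from")

def sessions(log):
    """Return [(host, protocol)] per session; 'cleartext' when no TLS line was logged."""
    open_sessions, done = {}, []
    for line in log.splitlines():
        if m := CONNECT.search(line):
            open_sessions[m.group(1)] = [m.group(2), "cleartext"]
        elif (m := TLS.search(line)) and m.group(1) in open_sessions:
            open_sessions[m.group(1)][1] = m.group(2)
        elif (m := DISCONNECT.search(line)) and m.group(1) in open_sessions:
            done.append(tuple(open_sessions.pop(m.group(1))))
    return done

def best_per_host(log):
    """Map each sending host to the strongest protocol it was ever seen to negotiate."""
    best = defaultdict(lambda: "cleartext")
    for host, proto in sessions(log):
        if RANK.get(proto, 0) > RANK[best[host]]:
            best[host] = proto
    return dict(best)

def below_floor(log, floor):
    """Hosts that do use TLS but have never reached `floor` or better."""
    return sorted(h for h, p in best_per_host(log).items()
                  if 0 < RANK[p] < RANK[floor])
```

Hosts returned by `below_floor(log, "TLSv1.2")` are the senders whose mail would arrive in cleartext or not at all if that floor were enforced.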
