On Thu, Mar 05, 2020 at 03:57:59PM -0800, Doug Hardie wrote:
> Small mail server with 3 weeks of logs:
>
> 1761 TLSv1
> 18 TLSv1.1
> 20414 TLSv1.2
> 6343 TLSv1.3
>
> That's not what I expected. I thought v1 and v1.1 would be reversed.
> There is a complete spectrum of ciphers being used with v1 including
> some of the most recent. I am using the defaults for the protocols
> and ciphers.
The reversal is expected, the most widely used TLS implementations that
support TLSv1.1 also support TLSv1.2, and so you see very little use of
TLSv1.1. The ancient stacks that haven't yet adopted TLS1.2, mostly
never got to TLSv1.1 either.
An interesting question in your case is what fraction of the TLSv1
connections are non-spam. Perhaps you're able to correlate the TLSv1
connections with legitimate vs. junk email.
--
Viktor.
