On 09 Feb 2021, at 04:23, Dominic Raferd <[email protected]> wrote:
> This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 - including
> the postfix-users list servers. Of course they would probably downgrade to
> plaintext if required, but that would reduce security.

That is odd. My mails from the postfix list server are using TLSv1.2. Are you
sure the postfix list is using end-of-life encryption?

postfix/smtpd[99319] Anonymous TLS connection established from english-breakfast.cloud9.net[168.100.1.7]: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)

It's also in the received headers:

Received: from english-breakfast.cloud9.net (english-breakfast.cloud9.net [168.100.1.7])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.covisp.net (Postfix) with ESMTPS id 4DZgWP1ktlz2rP86
	for <[email protected]>; Tue, 9 Feb 2021 04:23:45 -0700 (MST)
Received: by english-breakfast.cloud9.net (Postfix)
	id E6D03338687; Tue, 9 Feb 2021 06:23:29 -0500 (EST)
Delivered-To: [email protected]

I have five times as many TLSv1.2 connections as TLSv1.3 connections today, so
far, and about 7 times as many yesterday. Still no TLSv1 or TLSv1.1 today,
--
What we have here is a failure to communicate.
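
Added example, not part of the original message: one way to tally negotiated TLS versions from Postfix log lines and Received headers, and to list peers still on end-of-life protocols. The first sample line is the log entry quoted above; all other sample lines, hosts and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the smtpd/smtp log form ("... established from host[ip]: TLSv1.2 with
# cipher X") and the Received-header form ("(using TLSv1.2 with cipher X ...").
TLS_RE = re.compile(
    r"(?:TLS connection established (?:from|to) (?P<peer>\S+): |\(using )"
    r"(?P<proto>TLSv1(?:\.\d)?|SSLv\d) with cipher (?P<cipher>\S+)"
)
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # protocol versions past end of life

def parse(line):
    """Return (peer, protocol, cipher) for a TLS line, else None."""
    m = TLS_RE.search(line)
    return (m["peer"], m["proto"], m["cipher"]) if m else None

def tally(lines):
    """Count sessions per negotiated protocol version."""
    return Counter(hit[1] for hit in map(parse, lines) if hit)

def legacy_peers(lines):
    """Peers (log lines only; headers carry no peer here) on end-of-life TLS."""
    return sorted({hit[0] for hit in map(parse, lines)
                   if hit and hit[0] and hit[1] in LEGACY})

# First line is the log entry quoted in the message; the rest are constructed.
SAMPLE = [
    "postfix/smtpd[99319] Anonymous TLS connection established from english-breakfast.cloud9.net[168.100.1.7]: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)",
    "postfix/smtpd[99320]: Anonymous TLS connection established from mx1.example.net[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "postfix/smtpd[99321]: Anonymous TLS connection established from old.example.net[192.0.2.20]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)",
    "postfix/smtp[99322]: Trusted TLS connection established to mx2.example.net[192.0.2.30]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))",
    "postfix/smtpd[99323]: connect from unknown[192.0.2.40]",
]

if __name__ == "__main__":
    for proto, count in sorted(tally(SAMPLE).items()):
        print(f"{proto:8} {count}")
    print("legacy peers:", legacy_peers(SAMPLE))
```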