On 09 Feb 2021, at 04:23, Dominic Raferd <domi...@timedicer.co.uk> wrote: > This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 - including > the postfix-users list servers. Of course they would probably downgrade to > plaintext if required, but that would reduce security.
That is odd. My mails from the postfix list server are using TLSv1.2. Are you sure the postfix list is using end-of-life encryption? postfix/smtpd[99319] Anonymous TLS connection established from english-breakfast.cloud9.net[168.100.1.7]: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits) It's also in the received headers: Received: from english-breakfast.cloud9.net (english-breakfast.cloud9.net [168.100.1.7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.covisp.net (Postfix) with ESMTPS id 4DZgWP1ktlz2rP86 for <krem...@kreme.com>; Tue, 9 Feb 2021 04:23:45 -0700 (MST) Received: by english-breakfast.cloud9.net (Postfix) id E6D03338687; Tue, 9 Feb 2021 06:23:29 -0500 (EST) Delivered-To: postfix-users-outgo...@cloud9.net I have five times as many TLSv1.2 connections as TLSv1.3 connections today, so far, and about 7 times as many yesterday. Still no TLSv1 or TLSv1.1 today, -- What we have here is a failure to communicate.