On 09 Feb 2021, at 06:21, Dominic Raferd <domi...@timedicer.co.uk> wrote: > On 09/02/2021 12:36, @lbutlr wrote: >> On 09 Feb 2021, at 04:23, Dominic Raferd <domi...@timedicer.co.uk> wrote: >>> This shows plenty of 'good' servers still using TLSv1 or TLSv1.1 - >>> including the postfix-users list servers. Of course they would probably >>> downgrade to plaintext if required, but that would reduce security. >> That is odd. My mails from the postfix list server are using TLSv1.2. Are >> you sure the postfix list is using end-of-life encryption?... > It depends how far back one's logs go! Now I look just at my logs for this > calendar year I see you are right. But there are still a few other 'good' > senders using TLSv1 or TLSv1.1, even if they shouldn't be. Not 'plenty', I > admit...
Ah, I am only looking at recent logs. I don't see how moths-ago behavior is relevant. But yes, each admin needs to look at their logs and see who is still using encryption they should not be using (especially since this probably indicates they have not updated the ssl libraries and are going to be open to any flaws/attacks/CVEs discovered since TLSv1 and TLSv1.1 were EOLed, making them less-trustworthy in general. -- Vitamins are a waste of money, you can eat like $200 worth and still feel hungry.
