On 10 Feb 2021, at 04:13, Matus UHLAR - fantomas <[email protected]> wrote:
> On 09.02.21 14:22, @lbutlr wrote:
>> But yes, each admin needs to look at their logs and see who
>> is still using encryption they should not be using (especially since this
>> probably indicates they have not updated the ssl libraries and are going
>> to be open to any flaws/attacks/CVEs discovered since TLSv1 and TLSv1.1
>> were EOLed, making them less-trustworthy in general.
> still more trustworthy than no encryption at all
That is one way of looking at it, yes. Another way of looking at it is that a
server that hasn't updated their cryptography libraries in nearly a year is not
a trustworthy source of mail.
There's not a single answer.
(I haven't dropped TLSv1/1.1 yet, but I am checking the logs over the next week
or so and probably will if I continue to see only spammers suing it.)
--
'In the Fyres of Struggle let us bake New Men, who Will Notte heed
the old Lies.'
