[ https://issues.apache.org/jira/browse/JAMES-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17409905#comment-17409905 ]
Benoit Tellier commented on JAMES-1516: --------------------------------------- Agreed, I upvote this one. Running Snyk against James got this: {code:java} Inadequate Encryption Strength Snyk Code CWE-326 Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of TLS. server/protocols/protocols-library/src/main/java/org/apache/james/protocols/lib/netty/AbstractConfigurableAsyncServer.java SSLContext context = SSLContext.getInstance("TLS"); {code} This option would offer people to supply alternative inputs without introducing braking changes... > Add TLS protocols section to smtpserver.xml > ------------------------------------------- > > Key: JAMES-1516 > URL: https://issues.apache.org/jira/browse/JAMES-1516 > Project: James Server > Issue Type: Improvement > Components: SMTPServer > Affects Versions: 3.0.0-beta5 > Reporter: Johnny Minty > Priority: Minor > > A facility to provide protocol control should also be introduced for example: > <protocols>SSLv3 TLSv1 TLSv1.1 TLSv1.2</protocols> -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org