On Wed, 16 Oct 2019 17:43:07 -0000, Дилян Палаузов said:
> But for SMTP there is nothing similar. What matters is, if a weak cipher is
> disabled on a mailhost, which sites will not be able to use STARTTLS with that
> host. E.g. disabling TLS 1.0 (and SSL 3) will not allow anymore to encrypt
> traffic with @gnu.org .

The same thing that happens with anybody else who runs deprecated services - at
some point they've gotten enough reports of problems that they get around to

Seriously - if gnu.org *still* doesn't support TLS 1.1 (RFC4346 came out in
April 2006), they're probably running an SSL/TLS software stack that has about
4 zillion since-patched security holes in it. And it *also* means that their
MTA software dates back to a release that doesn't insist on 1.1 or later -
which means there's probably a whole raft of since-patched security holes in
that as well.
ietf-smtp mailing list
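
An added example, not part of the original thread: one way a postmaster could answer the quoted question of which sites would lose STARTTLS, by listing peers whose best negotiated protocol falls below the planned minimum. It assumes the mailhost runs Postfix with TLS log level 1; the function names and the sample log lines are constructed for illustration.

```python
import re

# Line Postfix writes per TLS session at smtpd_tls_loglevel / smtp_tls_loglevel = 1
# (assumption: the mailhost runs Postfix; other MTAs log this differently).
TLS_LINE = re.compile(
    r"postfix/(?:\S+/)?smtpd?\[\d+\]: \w+ TLS connection established "
    r"(?P<dir>from|to) (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>SSLv[23]|TLSv1(?:\.[0-3])?) with cipher (?P<cipher>\S+)"
)
RANK = {p: i for i, p in enumerate(
    ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"])}


def best_protocol_per_peer(lines):
    """Map (direction, host, ip) -> highest protocol that peer ever negotiated."""
    best = {}
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS session line
        key = (m["dir"], m["host"], m["ip"])
        if key not in best or RANK[m["proto"]] > RANK[best[key]]:
            best[key] = m["proto"]
    return best


def peers_lost(lines, minimum="TLSv1.1"):
    """Peers whose best observed protocol is below `minimum`.

    The default matches the thread's case of disabling TLS 1.0 and SSL 3.
    A peer seen with both TLSv1 and TLSv1.2 is not listed: it can do better.
    """
    floor = RANK[minimum]
    return {k: v for k, v in best_protocol_per_peer(lines).items()
            if RANK[v] < floor}


# Constructed sample log lines (documentation hostnames and addresses).
SAMPLE_LOG = """\
Oct 16 17:40:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from old.example.org[192.0.2.10]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 16 17:40:05 mx postfix/smtpd[2102]: Anonymous TLS connection established from mixed.example.net[192.0.2.20]: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct 16 17:41:12 mx postfix/smtpd[2103]: Anonymous TLS connection established from mixed.example.net[192.0.2.20]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 16 17:41:30 mx postfix/smtp[2200]: Untrusted TLS connection established to mx.legacy.example[198.51.100.5]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Oct 16 17:42:00 mx postfix/smtpd[2104]: Anonymous TLS connection established from new.example.com[203.0.113.7]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Oct 16 17:42:20 mx postfix/smtpd[2105]: Anonymous TLS connection established from legacy11.example.org[192.0.2.40]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Oct 16 17:42:45 mx postfix/smtpd[2106]: connect from plain.example.org[192.0.2.30]
""".splitlines()

if __name__ == "__main__":
    for (direction, host, ip), proto in sorted(peers_lost(SAMPLE_LOG).items()):
        print(f"{direction:4} {host} [{ip}] best seen: {proto}")
```

Peers that never negotiate TLS at all produce no such log line, so they do not appear in either result and are unaffected by the change.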