On Wed, 16 Oct 2019 17:43:07 -0000, Дилян Палаузов said:
> But for SMTP there is nothing similar. What matters is, if a weak cipher is
> disabled on a mailhost, which sites will not be able to use STARTTLS with that
> host. E.g. disabling TLS 1.0 (and SSL 3) will no longer allow encrypting
> traffic with @gnu.org.

The same thing that happens with anybody else who runs deprecated services - at
some point they've gotten enough reports of problems that they get around to
upgrading.

Seriously - if gnu.org *still* doesn't support TLS 1.1 (RFC4346 came out in
April 2006), they're probably running an SSL/TLS software stack that has about
4 zillion since-patched security holes in it. And it *also* means that their
MTA software dates back to a release that doesn't insist on 1.1 or later -
which means there's probably a whole raft of since-patched security holes in
that as well.
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp