On 10/16/2019 3:53 PM, John Levine wrote:
In article <167179.1571248841@turing-police> you write:
Seriously - if gnu.org *still* doesn't support TLS 1.1 (RFC4346 came out in
April 2006), they're probably running an SSL/TLS software stack that has about
4 zillion since-patched security holes in it.
They're running Exim 4.71 which was released in 2009. The current
version is 4.92.3. Their mail software is a decade out of date.
This is not a hard problem to solve.
Its a difficult compatibility problem to solve. In this case, are you
(speaking in general) going instruct or program your Port 25 SMTP
client to accept only a higher degree of encryption? Or vice-versa?
The OP is correct. With SMTP, the higher SSL bar has not been imposed
even with uptopar software. With modern browsers, you can feel the
pains. Just consider, how will HSTS concepts work in SMTP?
ietf-smtp mailing list