On Feb 26, 2016, at 6:02 PM, Solarus <solarus(_at_)ultrawaves(_dot_)fr> wrote:
Disabling SSLv3 cannot possibly provide any security benefit here,
but may cause interop problems and less security for a few old peers.
Would you then go further and say that SMTP servers should leave SSLv2
and/or EXPORT ciphers or single-DES enabled? If not, why not?
No.
"No" as in they should not leave SSLv2/EXPORT/1DES enabled?
But with SMTP, STARTTLS is opportunistic encryption: if you don't
support the maximum number of ciphers, the other server will send you mail in
cleartext.
And it's worse to receive and send mail in cleartext than with a weak
encryption.
Your rationale seems to contradict the "No" response.
--
Viktor.
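The fail-open behaviour the thread argues about, modelled as an added example (not code from either participant or from any MTA): opportunistic STARTTLS picks the strongest protocol and cipher both sides share and otherwise falls back to cleartext, so disabling an option only costs something for peers that have nothing else. Protocol and cipher strength ranks and the peer population are constructed for illustration.

```python
"""Constructed model of opportunistic STARTTLS negotiation outcomes."""
from dataclasses import dataclass

# Strength ranks, higher is stronger (constructed, illustrative ordering).
PROTOCOLS = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2, "TLSv1.2": 3}
CIPHERS = {"EXPORT": 0, "DES": 1, "3DES": 2, "AES": 3}


@dataclass(frozen=True)
class Peer:
    name: str
    protocols: frozenset
    ciphers: frozenset


def negotiate(peer, our_protocols, our_ciphers):
    """Strongest common (protocol, cipher), or None for a cleartext fallback.

    Opportunistic TLS never fails closed: a peer with no shared protocol or
    cipher still gets the mail, just unencrypted."""
    common_p = peer.protocols & our_protocols
    common_c = peer.ciphers & our_ciphers
    if not common_p or not common_c:
        return None
    return (max(common_p, key=PROTOCOLS.get), max(common_c, key=CIPHERS.get))


def summarize(peers, our_protocols, our_ciphers):
    """Count cleartext / weak / strong outcomes across a peer population."""
    out = {"cleartext": 0, "weak": 0, "strong": 0}
    for peer in peers:
        result = negotiate(peer, our_protocols, our_ciphers)
        if result is None:
            out["cleartext"] += 1
        elif PROTOCOLS[result[0]] <= 1 or CIPHERS[result[1]] <= 1:
            out["weak"] += 1  # SSLv2/SSLv3 or EXPORT/single-DES in use
        else:
            out["strong"] += 1
    return out


# Constructed peer population: one modern MTA, one SSLv3-only, one SSLv2-only.
PEERS = [
    Peer("modern", frozenset({"TLSv1", "TLSv1.2"}), frozenset({"AES", "3DES"})),
    Peer("legacy-sslv3", frozenset({"SSLv3"}), frozenset({"3DES", "DES"})),
    Peer("ancient-sslv2", frozenset({"SSLv2"}), frozenset({"EXPORT", "DES"})),
]

# Three local policies: everything on, SSLv3 off, SSLv2/EXPORT/single-DES off.
PERMISSIVE = (frozenset(PROTOCOLS), frozenset(CIPHERS))
NO_SSLV3 = (frozenset(PROTOCOLS) - {"SSLv3"}, frozenset(CIPHERS))
NO_SSLV2_EXPORT_DES = (frozenset(PROTOCOLS) - {"SSLv2"}, frozenset(CIPHERS) - {"EXPORT", "DES"})
```

Running `summarize(PEERS, *policy)` for each policy shows the trade-off in numbers: each disabled option moves exactly the peers that had nothing else from the "weak" column into "cleartext", while the modern peer is unaffected either way.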