Hi Ken,
I'm still surprised that in 2017 the main SMTP server for a large
university would support TLS 1.0 as the _highest_ protocol.
Agreed.
I can understand supporting TLS 1.0 in addition to TLS 1.1 and 1.2 to
handle support for older clients, but NOT supporting TLS 1.1 or 1.2
seems crazy to me. That almost seems like a misconfiguration to me.
Yes. Or some old Postfix with TLS patches that they're stuck on for
some reason.
I think they are running an exchange server.
I welcome other thoughts on this topic.
It would be worth Johan poking them a bit to find out the reason.
Presumably, most of their SMTP peers don't mind sticking at TLS 1.0
otherwise they'd find a big "Gmail" can't send to them, for example, but
that will be the case one day so they could do with raising what they
accept before then.
Johan, in case you don't know, you can use s_client(1) to talk SMTP and
upgrade the plain-text connection with the STARTTLS command as a test
and to show the problem to uu.se.
openssl s_client -connect smtp.uu.se:587 -starttls smtp -tls1
You're left at a non-transparent connection, so best to type `quit'. To
try the higher versions, append `_1', or `_2' to the end of the -tls1
option.
Thanks. I've sent a polite question to our postmaster.
Luckily I'm using an email-client where it is easy to switch what postproc to
use.
--
Johan Viklund
Systems Developer, NBIS
073-9638928
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers