Outdated TLS

Request and discuss new features you would like to have.
Post Reply
Justin
Posts: 107
Joined: 18 Sep 2014 13:00
Location: The Netherlands
Contact:

Outdated TLS

Post by Justin » 14 Feb 2020 08:03

Since TLS 1.0 and TLS 1.1 will be phased out on March 2020, i would like to suggest removing/disabling it in EFA.

An additional request would be to integrate the Mozilla SSL Config list, which contains all the secure cihpers so you don't have to edit/remove them manually. (https://ssl-config.mozilla.org/)
I have manually disabled the TLS 1.0 and 1.1 of smtp/smtpd for now but adding it as an option would be great.

It does show a few other warnings:
https://en.internet.nl/mail/uitvaartver ... nl/321661/
- Client-initiated renegotiation
- Key Exchange parameters
- Cipher Order

Also see: https://github.com/E-F-A/v4/issues/113

gregecslo
Posts: 44
Joined: 09 Sep 2018 17:55

Re: Outdated TLS

Post by gregecslo » 15 Feb 2020 19:39

"I have manually disabled the TLS 1.0 and 1.1 of smtp/smtpd for now but adding it as an option would be great."

Don`t do that.
There are many servers out there running on 1 and 1.1.

You will essentially loose mail from them.

Better to filter than loose important email.

User avatar
shawniverson
Posts: 3092
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Outdated TLS

Post by shawniverson » 19 Feb 2020 00:13

There are differences of opinion out there regarding this. I may implement hardening as an option that can be toggled, but it doesn't make sense for everybody. As gregecslo points out, you will likely lose mail even after the March phaseout.
Version eFa 4.0.2 now available!

Post Reply