Since TLS 1.0 and TLS 1.1 will be phased out in March 2020, I would like to suggest removing/disabling them in EFA.
An additional request would be to integrate the Mozilla SSL Config list, which contains all the secure ciphers so you don't have to edit/remove them manually. (https://ssl-config.mozilla.org/)
I have manually disabled the TLS 1.0 and 1.1 of smtp/smtpd for now but adding it as an option would be great.
It does show a few other warnings:
https://en.internet.nl/mail/uitvaartver ... nl/321661/
- Client-initiated renegotiation
- Key Exchange parameters
- Cipher Order
Also see: https://github.com/E-F-A/v4/issues/113
Outdated TLS
Re: Outdated TLS
"I have manually disabled the TLS 1.0 and 1.1 of smtp/smtpd for now but adding it as an option would be great."
Don't do that.
There are many servers out there running on 1 and 1.1.
You will essentially lose mail from them.
Better to filter than lose important email.
- shawniverson
Re: Outdated TLS
There are differences of opinion out there regarding this. I may implement hardening as an option that can be toggled, but it doesn't make sense for everybody. As gregecslo points out, you will likely lose mail even after the March phaseout.
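One way to size the mail-loss risk discussed in this thread before disabling anything is to tally which peers still negotiate TLS 1.0/1.1 in the mail log. This is an added example, not part of the thread or of EFA's code; it assumes Postfix TLS logging at `smtpd_tls_loglevel = 1` / `smtp_tls_loglevel = 1`, and the log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format Postfix writes at TLS loglevel 1 (assumption).
SAMPLE_LOG = """\
Mar  1 10:00:01 efa postfix/smtpd[2101]: Anonymous TLS connection established from mx1.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  1 10:02:13 efa postfix/smtpd[2102]: Anonymous TLS connection established from legacy.example.org[198.51.100.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  1 10:05:40 efa postfix/smtpd[2103]: Anonymous TLS connection established from legacy.example.org[198.51.100.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  1 10:06:02 efa postfix/smtp[2110]: Untrusted TLS connection established to old-mx.example.com[203.0.113.5]:25: TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
Mar  1 10:07:19 efa postfix/smtp[2111]: Trusted TLS connection established to mx2.example.net[192.0.2.20]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Mar  1 10:08:00 efa postfix/smtpd[2104]: connect from unknown[203.0.113.9]
"""

# smtpd logs inbound ("from"), smtp logs outbound ("to", with a :port suffix).
TLS_LINE = re.compile(
    r"postfix/(?:\w+/)?(?P<daemon>smtpd?)\[\d+\]: \w+ TLS connection established "
    r"(?:from|to) (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\](?::\d+)?: "
    r"(?P<proto>TLSv1(?:\.\d)?|SSLv\d)\b"
)
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}


def tally(lines):
    """Return (sessions per protocol, legacy sessions per (daemon, host, ip))."""
    by_proto = Counter()
    legacy_peers = defaultdict(Counter)
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS handshake summary line
        by_proto[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_peers[(m["daemon"], m["host"], m["ip"])][m["proto"]] += 1
    return dict(by_proto), {k: dict(v) for k, v in legacy_peers.items()}


if __name__ == "__main__":
    protos, peers = tally(SAMPLE_LOG.splitlines())
    total = sum(protos.values())
    for proto, n in sorted(protos.items()):
        print(f"{proto:8} {n:4}  ({100 * n / total:.0f}% of TLS sessions)")
    for (daemon, host, ip), seen in sorted(peers.items()):
        print(f"legacy peer via {daemon}: {host} [{ip}] {seen}")
```

Run over a few weeks of real logs, the legacy-peer list shows exactly which senders and destinations would stop negotiating TLS if the old protocol versions were turned off.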