Re: [Dovecot] How to disable SSL and TLSv1.1?
On 13.09.2013 22:36, Darren Pilgrim wrote:
> This has kind of wandered out of the scope of the list
i don't think so because having a question in public means also everyone reads it understands the real usefulness
my point is that it does not help much if you have the best of all available encryptions on your IMAP server because all the messages you receive pass the wire and since you can't disable SSL/TLSv1.0/TLS1.1 on the MTA side or if you do so you receive a lot of messages *completely unencrypted* because the sending MTA falls back
"but not enabled by default" is not relevant in the reality except you are the only user of your private server and even if see above
what benefit do you have from TLS1.2 if the message passed the wire with SSL3 or unencrypted at all
> Sure, it's not enabled by default, but those of us working proactively can enable it
that is not going to happen for the majority of users
> On by default simply means the feature has matured to the point where the cost of supporting the general userbase is reasonably small.
on by default means the ordinary users will use it, off by default means the ordinary users will not use it
and until then it does not help much
> I will be very happy to see it and all of its creaky
> legacy inanity go away.
me too, and if it's only about having SSL-webhosts without a dedicated IP currently you can't use SNI in case of business websites as well as you can't disable SSL/TLS1.1/TLS1.2 as long you have potentially customers with WinXP/Outlook2003 and as long they are supported with updates you can't force a customer to upgrade
while it's not that hardliner attitude to at least support TLS1.1 i think i explained now well the non-existing benefits in what you are doing if you think about the complete way an e-mail goes and in case you are not the only user of the server it's impossible to do so without losing customers or getting a lot of complaints until you revert the settings
participants (1)
-
Reindl Harald