On Wed, Oct 29, 2014 at 9:32 PM, elrippo <elrippo@???> wrote:
>
> When I use the same desktop with a client software like kmail or thunderbird, I get a x=TLSv1.0 connection to exim4
> On the other hand some other mail servers fall back to esmtp due to a lacking cipher suite, almost only Google's mail server connects with TLSv1.2
> I went through almost all possible priority_strings from gnutls, and NORMAL isn't working at all, only SECURE128:!VERS-SSL3.0 and SECURE256:!VERS-SSL3.0 are producing successful connections.
> This is all rather confusing to me.....
>
> I filed a report on K9-mail's site, I am not the only one :)
>
> Thank you for your assistance guys!!!
>
> Kind regards,
> elrippo.

Tangent: I have not disabled SSLv3 on my mail systems, all of which
are based on OpenSSL (which is why it's only a tangent of your GnuTLS
issue). Recall that in general, the prevailing theory is that when
you disable SSLv3, you prevent a certain number of hosts who are old
and unupdated (think wireless carriers who don't release firmware
upgrades for their Android phones) from being able to use encryption
at all.

When I looked at SMTP Auth submissions for my systems, these are the counts:

2 weeks ago:
  TLSv1 => 10409
  SSLv3 => 1

Last week:
  TLSv1 => 13114
  SSLv3 => 0

So far this week:
  TLSv1 => 6628
  SSLv3 => 1

I'm fortunate to have a customer base that generally seems to have new
enough phones and not using Windows XP. Not everybody may be so
lucky.

As far as outbound mail, I'm seeing:

Last week:

Top 10 TLSv1 traffic domains:
  1. google.com 74838
  2. yahoodns.net 41362
  3. hotmail.com 25461
  4. aol.com 13948
  5. outlook.com 8787
  6. comcast.net 7544
  7. att.net 3423
  8. verizon.net 3059
  9. icloud.com 2376
  10. psmtp.com 2064

Top 10 SSLv3 traffic domains:
  1. websitesource.net 7
  2. spamsentinel.org 6
  3. oandc.com 2
  4. crescentprocessing.com 2
  5. zte.com.cn 2
  6. landrumstaffing.com 1
  7. bradfordhealth.net 1
  8. twofalls.com 1

So far this week:

Top 10 TLSv1 traffic domains:
  1. google.com 43635
  2. yahoodns.net 21061
  3. hotmail.com 12218
  4. aol.com 6574
  5. outlook.com 5043
  6. comcast.net 3716
  7. verizon.net 2913
  8. att.net 1271
  9. icloud.com 1256
  10. psmtp.com 1203

Top 10 SSLv3 traffic domains:
  1. spamsentinel.org 2
  2. areasmail.com 1
  3. bradfordhealth.net 1

For what it's worth, you can also infer that there are some
organizations who are unable to enable encryption on their systems:

Top 10 none traffic domains:
  1. secureserver.net 2595
  2. rr.com 2394
  3. verizon.net 2102
  4. hinet.net 1648
  5. earthlink.net 1580
  6. cox.net 1218
  7. optonline.net 579
  8. untd.com 559
  9. charter.net 472
  10. synacor.com 426

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine
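
Added example, not part of the message above and not the poster's own tooling: one way to produce per-protocol, per-domain counts like these from an Exim main log before deciding whether SSLv3 can be switched off. It assumes the default main log layout with an `X=<protocol>:<cipher>:<bits>` field on TLS connections, groups hosts by their last two DNS labels (a simplification), and runs on constructed sample lines.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim main log style (reserved example names and addresses).
SAMPLE_LOG = """\
2014-10-29 10:00:01 1XjAAA-0001aB-01 => a@example.com R=dnslookup T=remote_smtp H=mx1.example.com [192.0.2.10] X=TLSv1:AES128-SHA:128
2014-10-29 10:00:02 1XjAAB-0001aB-02 => b@example.com R=dnslookup T=remote_smtp H=mx2.example.com [192.0.2.11] X=TLSv1:AES128-SHA:128
2014-10-29 10:00:03 1XjAAC-0001aB-03 => c@example.net R=dnslookup T=remote_smtp H=mail.example.net [198.51.100.5] X=SSLv3:DES-CBC3-SHA:168
2014-10-29 10:00:04 1XjAAD-0001aB-04 => d@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.7]
2014-10-29 10:00:05 1XjAAE-0001aB-05 <= e@example.org H=client.example.org [203.0.113.9] P=esmtpsa X=TLSv1:AES256-SHA:256 A=plain:e S=1234
2014-10-29 10:00:06 1XjAAD-0001aB-04 Completed
"""

LINE_RE = re.compile(r"^\S+ \S+ \S+ (<=|=>|->) ")  # arrival or delivery lines only
HOST_RE = re.compile(r" H=([^\s(\[]\S*)")           # remote host name, if one was logged
TLS_RE = re.compile(r" X=([^:\s]+):")               # protocol part of the X= field

def site(host):
    """Naive grouping: keep the last two DNS labels of the remote host name."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def tally(log_text):
    """Return {(direction, protocol): Counter({site: messages})}."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or " H=" not in line:
            continue  # skip status lines, local deliveries and local submissions
        direction = "in" if m.group(1) == "<=" else "out"
        host = HOST_RE.search(line)
        tls = TLS_RE.search(line)
        proto = tls.group(1) if tls else "none"  # no X= field means cleartext SMTP
        counts[direction, proto][site(host.group(1)) if host else "unknown"] += 1
    return counts

def report(counts, top=10):
    for (direction, proto), sites in sorted(counts.items()):
        print(f"{direction} {proto} => {sum(sites.values())}")
        for rank, (name, n) in enumerate(sites.most_common(top), 1):
            print(f"  {rank}. {name} {n}")

if __name__ == "__main__":
    report(tally(SAMPLE_LOG))
```

Hosts that appear under SSLv3 or "none" are the ones that would lose encryption or need follow-up if SSLv3 were disabled.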