Re: [exim] SSL forcing

Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] SSL forcing
On 19.05.19 at 15:42, Jeremy Harris via Exim-users wrote:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>> How can I force e-mail from the Internet at large to be only accepted
>> if and only if done by SSL/TLS methods?
> ACL condition "encrypted".
>


The problem is that, even though TLS 1.2 has been out since 2008, a
communication partner may use SSLv3 or TLS 1.0/1.1, and using just
"encrypted = *", you will accept i

It's better to check the protocol via $tls_cipher for TLS 1.2 and 1.3,
and reject anything not 1.2 or 1.3.

If you're in the EU, you need to consider this, as §32 EU GDPR states
"the used technique (encryption) to protect the transport of personal
data has to be state of the art", aka TLS 1.2 or 1.3.


best regards,
Marius
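
The two checks discussed in this thread, side by side, as an added example that is not part of the original messages: the ACL name acl_check_mail and the reject texts are hypothetical, $tls_in_cipher is the current name of $tls_cipher for inbound connections, and the sample cipher strings in the comments are constructed and assume the variable begins with the protocol version.

```exim
# Main section: run this ACL at MAIL FROM, after any STARTTLS has completed
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:

  # Check 1 ("encrypted = *" alone): passes for ANY negotiated cipher,
  # so a session on SSLv3 or TLS 1.0/1.1 still gets through this rule.
  deny    message    = Encryption (STARTTLS) is required
          !encrypted = *

  # Check 2 (protocol version): the cipher string is assumed to start
  # with the protocol name, for example (constructed values):
  #   TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256   -> allowed
  #   TLS1.3:TLS_AES_256_GCM_SHA384:256         -> allowed
  #   TLSv1:ECDHE-RSA-AES256-SHA:256            -> rejected
  # \N ... \N keeps Exim from expanding the backslash in the regex.
  deny    message    = TLS 1.2 or 1.3 is required
          condition  = ${if !match{$tls_in_cipher}{\N^TLSv?1\.[23]:\N}}

  accept
```

The exact prefix differs between Exim versions and between OpenSSL and GnuTLS builds, so compare the pattern against the cipher strings in your own main log before enabling the second rule.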