On 19.05.19 at 15:42, Jeremy Harris via Exim-users wrote:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>> How can I force e-mail from the Internet at large to be only accepted
>> if and only if done by SSL/TLS methods?
> ACL condition "encrypted".
>
Problem is, that even if TLS 1.2 has been out since 2008, a communication
partner may use SSLv3 or TLS 1.0/1.1 and using just "encrypted = *",
you will accept i
It's better to check the protocol via $tls_cipher for TLS 1.2 and 1.3,
and reject anything not 1.2 or 1.3.
If you're in the EU, you need to consider this, as §32 EU GDPR states
"the used technique (encryption) to protect the transport of personal
data has to be state of the art" aka TLS 1.2 or 1.3.
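
An ACL sketch of the check suggested above, added as an example and not taken from either poster's configuration. It assumes TLS is already configured and advertised, uses $tls_in_cipher (the inbound name for $tls_cipher in current Exim releases), and assumes the variable begins with the protocol version, as in "TLSv1.2:..." for OpenSSL builds or "TLS1.2:..." for GnuTLS builds; the ACL name acl_check_mail and the message texts are illustrative.

```exim
# Main configuration section: run this ACL for every MAIL FROM command.
acl_smtp_mail = acl_check_mail

begin acl

acl_check_mail:

  # 1. No TLS session at all: "encrypted" is the condition named in the
  #    first reply. Negating it rejects plaintext SMTP.
  deny    message    = Encrypted connection (STARTTLS) is required
          !encrypted = *

  # 2. TLS was negotiated, but "encrypted = *" alone would also pass
  #    SSLv3 and TLS 1.0/1.1. Inspect the protocol prefix of the cipher
  #    string and reject everything that is not TLS 1.2 or TLS 1.3.
  #    Assumed formats: "TLSv1.2:<cipher>:<bits>" (OpenSSL) and
  #    "TLS1.2:<cipher>:<bits>" (GnuTLS). \N...\N keeps the backslash
  #    in the regular expression from being expanded.
  deny    message    = TLS 1.2 or TLS 1.3 is required
          log_message = rejected legacy TLS session: $tls_in_cipher
          condition  = ${if match{$tls_in_cipher}{\N^TLSv?1\.[23]:\N}{no}{yes}}

  # 3. Everything else proceeds to the later ACLs (RCPT, DATA).
  accept
```

The log_message line records the negotiated cipher string for each rejection, which shows which sending hosts still use old protocol versions before or after the rule is enforced.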