Re: [exim] SSL forcing

Góra strony
Delete this message
Reply to this message
Autor: Cyborg
Data:  
Dla: exim-users
Temat: Re: [exim] SSL forcing
Am 19.05.19 um 15:42 schrieb Jeremy Harris via Exim-users:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>> ow can I force e-mail from the Internet At large to be only accepted
>> if and only if done by SSL/TLS methods?
> ACL condition "encrypted".
>


Problem is, that even if tls_1.2 is out since 2008, a communication
partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
you will accept i

It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
and reject anything not 1.2 or 1.3.

If your in the EU, you need to consider this, as  §32 EU GDPR  states
"the used technique(Encryption) to proctect the transport of personal
data has to be state of the art" aka TLS 1.2 or 1.3 .


best regards,
Marius