Re: [exim] SSL forcing

Top Page
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] SSL forcing
Am 19.05.19 um 20:17 schrieb Richard Jones via Exim-users:
> # egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort
> -n | tail
>      82 X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128
>     167 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256
>     272 X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256
>     289 X=TLS1.2:ECDHE_ECDSA_AES_128_CBC_SHA256:128
>     296 X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256
>     466 X=TLS1.2:ECDHE_ECDSA_CHACHA20_POLY1305:256
>     691 X=TLS1.2:ECDHE_ECDSA_AES_256_GCM_SHA384:256
>     727 X=TLS1.2:ECDHE_ECDSA_AES_128_GCM_SHA256:128
>    1053 X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
>   15878 X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256

>
> Sadly I want to continue to receive some of those TLS1.0 inbound
> connections. One of them is from the OWASP CRS mailing list. Of all
> people!


You have no idea whos mailserver used TLS 1.1 in 2018: The Germany
Federal Security Agency :D

And tons of other update denier :D

Best regards,
Marius