Author: Simon Josefsson
Date:
To: exim-users
Subject: Re: [exim] GnuTLS vs OpenSSL

Viktor Dukhovni via Exim-users <exim-users@???> writes:
> On Sat, Sep 18, 2021 at 09:45:28PM +0100, Andrew C Aitchison via
> Exim-users wrote:
>
>> > Besides this: About 85% of the incoming traffic is still unencrypted
>> > (for my statistics, mainly because some high volume mailing list
>> > servers do not use TLS), about 10% uses TLS1.3, 5% still uses TLS1.2
>> > (I log TLS ciphers via +tls_cipher in Exim).
>>
>> It looks as though you do not allow TLSv1.1 - I suspect that a
>> substantial fraction of that 85% would use it if you allowed it.
>> For email it is probably better to allow TLSv1.1 than reject it
>> and end up receiving the message in plain.
>
> Make that TLS 1.0, almost nobody uses TLS 1.1, the sites that don't
> support at least TLS 1.2 almost invariably only support TLS 1.0.

FWIW, I have used standard Debian exim (heavy, with GnuTLS) for my
personal email server for a couple of years, and I don't recall any
TLS-related problem. FWIW, it seems TLS 1.2 and TLS 1.3 are in wide use,
see statistics from the last couple of days on my server: