On 18.09.21 23:14, Viktor Dukhovni via Exim-users wrote: >>> Besides this: About 85% of the incoming traffic is still unencrypted
>>> (for my statistics, mainly because some high volume mailing list
>>> servers do not use TLS), about 10% uses TLS1.3, 5% still uses TLS1.2
>>> (I log TLS ciphers via +tls_cipher in Exim). >> It looks as though you do not allow TLSv1.1 - I suspect that a
>> substantial faction of that 85% would use it if you allowed it.
>> For email it is probably better to allow TLSv1.1 than reject it
>> and end up receiving the message in plain. > Make that TLS 1.0, almost nobody uses TLS 1.1, the sites that don't
> support at least TLS 1.2 almost invariably only support TLS 1.0.
>
> There's little to nothing particularly wrong with TLS 1.0 for SMTP, and
> certainly nothing that's fixed in TLS 1.1, so if the floor isn't TLS 1.2
> it should be 1.0 (I still recommend leaving it enabled for now).
>
TLS 1.0 and 1.1 have been deprecated for HTTPS (at least practically, since modern
browsers stopped supporting it last year and IETF formally deprecated 1.0 and 1.1 March
2021) and TLS 1.2 is out for more than 10 years. Any site, that does not support at
least TLS 1.2 is running absolutely outdated software. GnuTLS handshake errors are logged
very few times (<<1% of the messages), I suppose that enabling TLS1.1 and lower would not
increase encrypted connections very much.
Anyway: My main goal is to protect credentials of my users, if I would enable TLS1.1
and lower, I would risk that this communication is not secured adequately. Additionally,
I enforce encryption (TLS1.2+) on outgoing connections (only very few sites do not support
that, I maintain a list of exceptions, when I see mails lingering in the queue).
Most of the incoming traffic, which is not encrypted is from high volume open lists,
especially from LKML (vger.kernel.org which does not even try to use STARTTLS)...
