[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS with smtp not working for me

From: valdis . kletnieks
Subject: Re: [Nmh-workers] TLS with smtp not working for me
Date: Wed, 31 May 2017 11:27:15 -0400

On Wed, 31 May 2017 10:19:37 -0400, Ken Hornstein said:

> After some experimentation with openssl s_client, it seems that the
> highest level of TLS that the server smtp.uu.se supports is TLS 1.0!
> Which is actually kind of surprising to me.  That seems ... wrong,
> somehow?  But anway, if you remove the SSL_OP_NO_TLSv1 in abovementioned
> line, I think everything will work fine.
> I am kind of torn about this.  The stuff I have been seeing is that most
> everybody should be moving to TLS 1.1 or greater, and I thought all of
> the servers out there had supported this a long time ago.  What do others
> think?

4346 The Transport Layer Security (TLS) Protocol Version 1.1. T. Dierks,
     E. Rescorla. April 2006. (Format: TXT=187041 bytes) (Obsoletes
     RFC2246) (Obsoleted by RFC5246) (Updated by RFC4366, RFC4680,
     RFC4681, RFC5746, RFC6176, RFC7465, RFC7507, RFC7919) (Status:
     PROPOSED STANDARD) (DOI: 10.17487/RFC4346)

That RFC is over 11 years old now.

5246 The Transport Layer Security (TLS) Protocol Version 1.2. T. Dierks,
     E. Rescorla. August 2008. (Format: TXT=222395 bytes) (Obsoletes
     RFC3268, RFC4346, RFC4366) (Updates RFC4492) (Updated by RFC5746,
     RFC5878, RFC6176, RFC7465, RFC7507, RFC7568, RFC7627, RFC7685,
     RFC7905, RFC7919) (Status: PROPOSED STANDARD) (DOI:

And that one is pushing 9.  TLS 1.0 has not been allowed in PCI environments for
over a year now:


I'd say leave the actual code as-is, but add a comment saying what to do if
your mail provider is stuck in the stone age, and a mention in the release 

Attachment: pgpbmDzJlrvup.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]