Re: [Nmh-workers] TLS with smtp not working for me

[Ralph Corderoy]

Hi Ken,

> I'm still surprised that in 2017 the main SMTP server for a large
> university would support TLS 1.0 as the _highest_ protocol.

Agreed.

> I can understand supporting TLS 1.0 in addition to TLS 1.1 and 1.2 to
> handle support for older clients, but NOT supporting TLS 1.1 or 1.2
> seems crazy to me.  That almost seems like a misconfiguration to me.

Yes.  Or some old Postfix with TLS patches that they're stuck on for
some reason.

> I welcome other thoughts on this topic.

It would be worth Johan poking them a bit to find out the reason.
Presumably, most of their SMTP peers don't mind sticking at TLS 1.0
otherwise they'd find a big "Gmail" can't send to them, for example, but
that will be the case one day so they could do with raising what they
accept before then.

Johan, in case you don't know, you can use s_client(1) to talk SMTP and
upgrade the plain-text connection with the STARTTLS command as a test
and to show the problem to uu.se.

    openssl s_client -connect smtp.uu.se:587 -starttls smtp -tls1

You're left at a non-transparent connection, so best to type `quit'.  To
try the higher versions, append `_1', or `_2' to the end of the -tls1
option.

-- 
Cheers, Ralph.
https://plus.google.com/+RalphCorderoy