Re: [Nmh-workers] TLS with smtp not working for me

[Johan Viklund]

>Hi Ken,
>
>> I'm still surprised that in 2017 the main SMTP server for a large
>> university would support TLS 1.0 as the _highest_ protocol.
>
>Agreed.
>
>> I can understand supporting TLS 1.0 in addition to TLS 1.1 and 1.2 to
>> handle support for older clients, but NOT supporting TLS 1.1 or 1.2
>> seems crazy to me.  That almost seems like a misconfiguration to me.
>
>Yes.  Or some old Postfix with TLS patches that they're stuck on for
>some reason.

I think they are running an exchange server.

>> I welcome other thoughts on this topic.
>
>It would be worth Johan poking them a bit to find out the reason.
>Presumably, most of their SMTP peers don't mind sticking at TLS 1.0
>otherwise they'd find a big "Gmail" can't send to them, for example, but
>that will be the case one day so they could do with raising what they
>accept before then.
>
>Johan, in case you don't know, you can use s_client(1) to talk SMTP and
>upgrade the plain-text connection with the STARTTLS command as a test
>and to show the problem to uu.se.
>
>    openssl s_client -connect smtp.uu.se:587 -starttls smtp -tls1
>
>You're left at a non-transparent connection, so best to type `quit'.  To
>try the higher versions, append `_1', or `_2' to the end of the -tls1
>option.

Thanks. I've sent a polite question to our postmaster.

Luckily I'm using an email-client where it is easy to switch what postproc to
use.

-- 
Johan Viklund
Systems Developer, NBIS
073-9638928