[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] TLS with smtp not working for me

From: Johan Viklund
Subject: Re: [Nmh-workers] TLS with smtp not working for me
Date: Wed, 07 Jun 2017 13:16:44 +0200

>Hi Ken,
>> I'm still surprised that in 2017 the main SMTP server for a large
>> university would support TLS 1.0 as the _highest_ protocol.
>> I can understand supporting TLS 1.0 in addition to TLS 1.1 and 1.2 to
>> handle support for older clients, but NOT supporting TLS 1.1 or 1.2
>> seems crazy to me.  That almost seems like a misconfiguration to me.
>Yes.  Or some old Postfix with TLS patches that they're stuck on for
>some reason.

I think they are running an exchange server.

>> I welcome other thoughts on this topic.
>It would be worth Johan poking them a bit to find out the reason.
>Presumably, most of their SMTP peers don't mind sticking at TLS 1.0
>otherwise they'd find a big "Gmail" can't send to them, for example, but
>that will be the case one day so they could do with raising what they
>accept before then.
>Johan, in case you don't know, you can use s_client(1) to talk SMTP and
>upgrade the plain-text connection with the STARTTLS command as a test
>and to show the problem to uu.se.
>    openssl s_client -connect smtp.uu.se:587 -starttls smtp -tls1
>You're left at a non-transparent connection, so best to type `quit'.  To
>try the higher versions, append `_1', or `_2' to the end of the -tls1

Thanks. I've sent a polite question to our postmaster.

Luckily I'm using an email-client where it is easy to switch what postproc to

Johan Viklund
Systems Developer, NBIS

reply via email to

[Prev in Thread] Current Thread [Next in Thread]