PICCORO McKAY Lenz writes:
El vie., 4 de oct. de 2019 a la(s) 21:56, Sam Varshavchik ([email protected]) escribió: > > PICCORO McKAY Lenz writes: >> so the solution it's to disable TLS 1.2 ? i'm pretty confused in witch > > part of the imapd/imapd-ssl must be done.. > > The likely problem is that older version of Courier do not support TLS 1.2. > There's nothing to disable. Older Debian packages do not even implement it, > and modern SSL/TLS clients will only connect to TLS 1.2 peers.umm, so, modern client only will use TLS? there's t¿other way? that's case its only for imap connection.
Yes, it is expected that all clients, be it IMAP, POP3, and also web browsers, will at some point will refuse to use anything less than TLS 1.2.
Web browsers are actually leading in that regard. Firefox/Chrome/Edge have either completely turned off all support for TLS 1.1 and earlier, or will do so within a year.
for smtp mta are same ?
For SMTP the situation is more murky. Except in cases of specific situations, like specific situation of clients using smtps, or requiring the use of the STARTTLS extension, TLS for SMTP is optional default. With public MX servers, if the sender is unable to establish a TLS session, for some reason, most SMTP senders will just fallback to unencrypted connections; except for very new clients that implement STS.
The current version of Courier does implement STS on the sending side. So, with a current default TLS configuration, Courier will refuse to use anything other than TLS 1.2 to send mail to a domain with a published STS policy.
pgpYTPSC25M9T.pgp
Description: PGP signature
_______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
