On 13.09.2013 22:36, Darren Pilgrim wrote:
This has kind of wandered out of the scope of the list
i don't think so because having a question in public means also everyone reads it understands the real usefulness
On 9/13/2013 3:01 AM, Reindl Harald wrote:
On 13.09.2013 11:45, Darren Pilgrim wrote:
On 9/11/2013 3:52 PM, Reindl Harald wrote:
and that is why i said most widely used does not
RHEL5: openssl-0.9.8e
RHEL6: openssl-1.0.0
Fedora 17: openssl-1.0.0k
Fedora 18: openssl-1.0.1e
RHEL with outdated software bundled? You don't say. ;)
bulls** - google for LTS
My point is that you don't have to use the stock libraries. My *nix of choice, FreeBSD, still has 0.9.8 in the current releases. Luckily there's 1.0.1e in ports and the framework makes it easy to switch port builds between the base and port libraries. There are 1.0.1e packages for every Linux distro I've checked.
my point is that it does not help much if you have the best of all available encryptions on your IMAP server because all the messages you receive pass the wire and since you can't disable SSL/TLSv1.0/TLS1.1 on the MTA side or if you do so you receive a lot of messages *completely unencrypted* because the sending MTA falls back
Firefox and Thunderbird currently ship with TLS 1.1/1.2 support, but not enabled by default
so it is not relevant
How is TLS 1.1 and 1.2 support in one of the most popular suites of software not relevant?
"but not enabled by default" is not relevant in the reality except you are the only user of your private server and even if see above
what benefit do you have from TLS1.2 if the message passed the wire with SSL3 or unencrypted at all
Sure, it's not enabled by default, but those of us working proactively can enable it
that is not going to happen for the majority of users
On by default simply means the feature has matured to the point where the cost of supporting the general userbase is reasonably small.
on by default means the ordinary users will use it; off by default means the ordinary users will not use it
as long the support for Windows XP is active and it comes to business you have to support it - period
Yeah I know. Fortunately XP is EoS in less than a year.
and until then it does not help much
I will be very happy to see it and all of its creaky legacy inanity go away.
me too, and if it's only about having SSL-webhosts without a dedicated IP currently you can't use SNI in case of business websites as well as you can't disable SSL/TLS1.1/TLS1.2 as long you have potentially customers with WinXP/Outlook2003 and as long they are supported with updates you can't force a customer to upgrade
fine but what helps 1.1 in case someone asks how to disable it - read the subject
The subject line should have read TLSv1.0. Sorry for the typo.
FWIW, the body of my original email correctly said I wanted to disable TLSv1.0, not 1.1
while it's not that hardliner attitude to at least support TLS1.1 i think i explained now well the non existing benefits in what you are doing if you think about the complete way an e-mail goes and in case you are not the only user of the server it's impossible to do so without losing customers or getting a lot of complaints until you revert the settings