
The other day I noticed that most mail doesn’t come through when disabling TLS 1.0 & TLS 1.1. To my dismay it seems some major SMTP services don’t support TLS 1.2. After enabling 1.0 & 1.1 mail came rolling in.

Anyone able to shed some light on what happened there to me?



It sounds like you've already figured it out.

You were requiring TLSv1.2 but some other remote mail systems didn't support it and were unable to fall back and, as a result, couldn't negotiate a secure connection.

Or did I miss something?


Check your mail headers as they will show what protocol and cipher were negotiated - you'll be able to see if it was actually 1.0 or 1.1 that was used.

If it was TLS 1.2, disable 1.0/1.1 again and check you still have that cipher available.
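
An added example (not part of the thread) of the header check suggested above: it pulls the negotiated protocol and cipher out of Received headers and flags mail whose last hop used less than TLS 1.2. It assumes the Postfix-style "(using TLSv1.2 with cipher ...)" and Gmail-style "(version=TLS1_2 cipher=...)" annotations; the sample messages, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Assumed annotation formats: Postfix-style, then Gmail-style.
PATTERNS = [
    re.compile(r"using (?P<proto>TLSv[\d.]+|SSLv\d) with cipher (?P<cipher>[\w-]+)"),
    re.compile(r"version=(?P<proto>TLS[\d_.]+)\s+cipher=(?P<cipher>[\w-]+)"),
]

def normalise(proto):
    """Map 'TLSv1.2' / 'TLS1_2' / 'TLSv1' to (major, minor); SSL sorts lowest."""
    if proto.startswith("SSL"):
        return (0, 0)
    digits = re.findall(r"\d+", proto)
    return (int(digits[0]), int(digits[1]) if len(digits) > 1 else 0)

def tls_hops(raw_message):
    """Return [(protocol, cipher)] for each Received header carrying a TLS note."""
    hops = []
    for header in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(header.split())  # unfold continuation lines
        for pat in PATTERNS:
            m = pat.search(flat)
            if m:
                hops.append((m["proto"], m["cipher"]))
                break
    return hops

def needs_legacy_tls(raw_message, minimum=(1, 2)):
    """True if the newest annotated hop (topmost header) negotiated below minimum."""
    hops = tls_hops(raw_message)
    return bool(hops) and normalise(hops[0][0]) < minimum

# Constructed sample messages (documentation addresses, placeholder queue ids).
SAMPLE_OLD = """Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\t(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
\tby mx.receiver.example (Postfix) with ESMTPS id PLACEHOLDER
Subject: constructed sample, TLS 1.0 sender

body
"""
SAMPLE_NEW = """Received: from mail.sender.example (mail.sender.example. [192.0.2.20])
\tby mx.receiver.example with ESMTPS id PLACEHOLDER
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Subject: constructed sample, TLS 1.2 sender

body
"""
```

Running needs_legacy_tls over a mailbox while 1.0/1.1 are still enabled shows which senders would be cut off by a TLS 1.2 minimum.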


Determine whether security is important (protip: it is important). If so, then file bug reports to the originators of your missing mail.

It's far better to force them to upgrade than to allow them to force you to be insecure.



