On Tue, Feb 02, 2016 at 09:00:02PM -0500, Derek Atkins wrote:

> Have you disabled non-TLS SMTP transport, too?

That would clearly be premature.

> If not, isn't there a chance that disabling SSLv3 will cause *SOME*
> email to fall back to non-encrypted?

A very small chance, but given the rapidly diminishing and already negligible fraction of systems that are only capable of SSLv3, this is an acceptable cost of reducing the attack surface and opportunities for downgrade and other attacks against the vast majority of remaining systems.

I'm glad to see active support for the positions expressed in RFC7435, and indeed one generally gets more security by raising the ceiling (making stronger crypto available) than by raising the floor (requiring stronger crypto than was previously acceptable).

However, after making stronger crypto available for long enough, and reaching sufficient deployment levels that obsolete crypto is legitimately almost never needed, it is eventually time to move on and raise the floor too.

I am quite comfortable at this time with a requirement of better than SSLv3 for SMTP on the public Internet.

-- 
Viktor.