Le 25/02/2016 09:57, Viktor Dukhovni a écrit : >> >> Disabling SSLv3 can not possibly provide any security benefit here, >> but may cause interop problems and less security for a few old peers. > Would you then go further and say that SMTP servers should leave SSLv2 > and/or EXPORT ciphers or single-DES enabled? If not, why not? > No. HTTPS, for exemple will fail if the client and the server have no ciphers in common (cipher overlap). But with SMTP, STARTTLS is an opportunistic encryption, if you don't support the maximum of ciphers, the other server will send you mails in cleartext. And it's worse to receive and send mail in cleartext than with a weak encryption. Solarus
Attachment:
signature.asc
Description: OpenPGP digital signature