> On Feb 26, 2016, at 6:02 PM, Solarus <solarus@xxxxxxxxxxxxx> wrote:
>
>>> Disabling SSLv3 can not possibly provide any security benefit here,
>>> but may cause interop problems and less security for a few old peers.
>>
>> Would you then go further and say that SMTP servers should leave SSLv2
>> and/or EXPORT ciphers or single-DES enabled? If not, why not?
>
> No.

"No" as in they should not leave SSLv2/EXPORT/1DES enabled?

> But with SMTP, STARTTLS is an opportunistic encryption, if you don't
> support the maximum of ciphers, the other server will send you mails in
> cleartext.
> And it's worse to receive and send mail in cleartext than with a weak
> encryption.

Your rationale seems to contradict the "No" response.

--
Viktor.