> On Feb 26, 2016, at 7:09 PM, Solarus <solarus@xxxxxxxxxxxxx> wrote: > > SSLv2 is no longer used or seen by MTA, so we can reasonably drop it's support. > But cleartext is still more used than SSLv3, so why would you drop SSLv3 support before forbidding cleartext inbound and outbound your MTA ? As I mentioned upthread, SSLv3 is also no longer used. It makes to not carry around useless baggage that increases the attack surface and looks bad in audits. No additional traffic is protected by enabling SSLv3, the SSLv3-only MTAs are gone from the public Internet (O.K. a negligible number may remain, but this is no longer worth the penalty of keeping SSLv3 around). -- Viktor.