Today we decided to phase out on all webbased services old TLS1 support in favor of TLSv1.2 exclusively. We hope everyone runs relatively up to date software by now and not many people will suffer. TLSv1.3 is coming soon too.
We are still aren't sure about email as there is many old mail clients in the wild.
Follow
@disroot Force e-mail to use TLS 1.2 for all clients using IMAP and authenticated SMTP, but allow weak ciphers and even plaintext on submission (port 25). Weak encryption is better than none and there are old, unmaintained mail servers.
Clients, however, can be told to upgrade. That's how it should be.
