CustomBuild: ssl_configuration=intermediate setting will now also drop TLS 1.1 and older for exim and dovecot

[Richard G]

I also changed my mind already a while back after reading more argumentation. It would not be good if everybody including big company's would stop with it, and DA would keep using it. DA would be late. It's good to do it now.

Literally I do not care as far as my customers want it and they continue to use it. They pay. If I do not support whatever they want - including junk, - I'll lose money.

I'm not native English so I see I wrote it in a way it could be wrongly interpretated. I did not mean it like that.
Ofcourse I also don't care what my customers use and I help them wherever possible, so support is still great for them.

What I ment is that you don't install ancient stuff or keep ancient stuff working on the servers to support them keep using XP or junk or whatever. For example, I would not leave TLS 1.0 enabled for ages, I would not use php 5.2 on my servers or something like that. That's the way I ment that statement, sorry for the confusion.

As far as patches can fix things for them like to enable TLS 1.2 on their OS or email client, ofcourse I would gladly support them.

 

[wattie]

My vision is the following:

1. DA should be secure out-of-the-box. That means that it is totally OK to keep more secure defaults!

2. DA should continue to provide support for EOL software - like TLS 1.0 or (in my case) PHP 5.4. It's up to the admin to decide if he will enable support for EOL products or not.