restore TLS version, correctly #2723

msimerson · 2019-10-13T23:48:02Z

Changes proposed in this pull request:

add cipher version back to header
this time, use the current connections version, not the minimum supported

Checklist:

docs updated
tests updated
Changes updated

msimerson · 2019-10-14T02:22:29Z

<disclaimer>It's a small sample size but</disclaimer> every TLS connection that has arrived since I ported this to a production server (granted, on a slow Sunday afternoon) has been TLSv1.2.

I also wish our tls connection properties were named tls.cipher and tls.version (instead of tls.cipher.name and tls.cipher.version, but I don't want to break any existing use of them for the sake of making them a little tidier.

msimerson · 2019-10-25T21:01:55Z

More data. Measured across 70,000 transactions (ie, connections that made it to at least the MAIL FROM phase of the connection:

TLSv1.2 = 98.2%
TLSv1.1 = 0.6% (just two connections, both spam, from germany and vietnam)
TLSv1 = 0.6% (dozens of valid connections.)

msimerson added 3 commits October 13, 2019 16:46

restore TLS version, but correct this time

6b96d1e

update Changes

22dc33b

tls: more succinct results

ebe9197

msimerson changed the title ~~restore TLS version, but correct this time~~ restore TLS version, correctly Oct 14, 2019

msimerson added the Security label Oct 14, 2019

msimerson merged commit 3b58133 into haraka:master Oct 25, 2019

msimerson deleted the tls-version branch October 25, 2019 21:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

restore TLS version, correctly #2723

restore TLS version, correctly #2723

restore TLS version, correctly #2723

restore TLS version, correctly #2723

Conversation