TLS1.1 should now be OPT-IN instead of OPT-OUT

[user8446]

Currently as of v2.9.0 MailKit default supports TLS1.1 and above. The default should now be to default to TLS1.2 and above and OPT-IN to unsecure TLS versions.

TLS1.1 is now obsolete and deprecated and has the same major vulns. as TLS1.0 (POODLE, Heartbleed, etc.). TLS1.1 only added one mitigation from TLS1.0 (cipher-block chaining attacks).

As you know, if it's working most users won't take the time to OPT-OUT via SslProtocols - but this is dangerous considering what passes through email and the MITM attacks that can take place.

Thank you for the work on MailKit & MimeKit!

[jstedfast]

AFAIK:

• HEARTBLEED was a vulnerability that only affected the OpenSSL implementation. GnuTLS, for example, was not vulnerable.
• POODLE was a vulnerability in the protocol itself (not implementation dependent) and did affect SSL v3.0.
• BEAST was the cipher block chaining vulnerability that you are probably thinking of and it only affected TLS v1.0.
• CRIME was a TLS vulnerability in the compression algorithm negotiation and affected TLS v1.0, v1.1, and v1.2 but I think it's something that has been worked around by all of the major software implementations.

My understanding is also that the vast majority of software that supports TLS v1.1 also supports TLS v1.2, so I probably can safely disable TLS v1.1 by default.

Are you aware of any TLS v1.1 vulnerabilities that I did not list above or any info that suggests my understanding is incorrect?

I'm leaning towards disabling TLS v1.1 no matter what, but if you have a link to some official docs that provide a "deprecate TLS v1.1 by such-and-such a date", that would be super helpful in that it would allow me to point anyone who complains to some official docs. (When I disabled TLS v1.0 and SSL v3.0, I got some angry emails... let me tell you).

[user8446]

Hi Jeffrey,

All of the major players have already switched to opt-in by default:

Zoho: https://help.zoho.com/portal/en/community/topic/eos-for-email-clients-using-less-secure-protocols-and-ciphers-tls-1-0-tls-1-1-protocols-and-rc4-ciphers

IETF: https://tools.ietf.org/id/draft-ietf-tls-oldversions-deprecate-06.html#rfc.section.5

Chrome: https://www.chromestatus.com/feature/5759116003770368

Mozilla: https://www.fxsitecompat.dev/en-CA/docs/2020/tls-1-0-1-1-support-has-been-disabled-by-default/#:~:text=The%20support%20for%20the%20Transport,of%20TLS%20in%20early%202020.

MS Edge: https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/

O365: https://docs.microsoft.com/en-us/microsoft-365/compliance/tls-1-2-in-office-365-gcc?view=o365-worldwide

Cisco: https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-#:~:text=Answer%3A%20The%20industry%20is%20working,1.1%20as%20of%20March%202020.

Apple: https://emm.how/t/apple-drops-support-for-tls-1-0-and-1-1-in-safari-with-ios-13-4-and-macos-10-15-4/1197

As you know, you'll get those angry emails no matter what so it might as well be for securing their environment :) ha

[jstedfast]

Thanks!