aeris / cryptcheck

Verify some SSL/TLS website or XMPP implementation
GNU Affero General Public License v3.0
185 stars, 20 forks

Is that possible to get an A+ for SMTP? #17

Closed. HLFH closed this 8 years ago

HLFH commented 8 years ago

Hi,

Here is an example: I got an A on https://tls.imirhil.fr/smtp/dhautefeuille.eu. Could I get an A+?

I respect the PFS best practice. And there is no HSTS for SMTP (I just read that).

I know that right now, it could be useless to get an A+ because of the opportunistic encryption, but I would like to try :)

Thanks in advance, HLFH

aeris commented 8 years ago

It’s a very very very bad practice to get an A on SMTP, and worse with TLSv1.2 only. SMTP/STARTTLS is opportunistic: if the recipient MTA doesn’t support one of the author MTA’s ciphers, the mail falls back to plain text. So, it’s better to have an F grade for SMTP, with every cipher and protocol enabled. Better to have TLSv1.0+RC4 than plain text.

(If you want an A+ (for HTTPS or SMTP or any other TLS stuff), you need to support only PFS ciphers.)

HLFH commented 8 years ago

Thanks. I guess that with the implementation of https://tools.ietf.org/html/rfc7672, it will be a great bad practice :) I'll do that.

As seen here:

smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
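As an added illustration that is neither cryptcheck's code nor part of this thread, the following Python model shows the fallback aeris describes (a strict, PFS-only receiver pushing an old sender to plain text while a permissive receiver still gets it encrypted) and the DANE behaviour HLFH points to with RFC 7672. The MTAs, cipher names and policies are constructed for the example, and no real TLS handshake is performed:

```python
# Added illustration (not cryptcheck code): a toy model of SMTP STARTTLS negotiation.
# Peers, cipher names and policies below are constructed; no real TLS is performed.
from dataclasses import dataclass

PROTO_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2"]  # weakest to strongest

@dataclass
class Mta:
    name: str
    protocols: list  # versions this MTA will accept
    ciphers: list    # OpenSSL-style names, in preference order

def negotiate(sender, receiver):
    """Return the (protocol, cipher) the two MTAs agree on, or None if nothing matches.
    The receiver's preference order wins, like OpenSSL with server preference."""
    protos = [p for p in PROTO_ORDER if p in sender.protocols and p in receiver.protocols]
    ciphers = [c for c in receiver.ciphers if c in sender.ciphers]
    if not protos or not ciphers:
        return None
    return protos[-1], ciphers[0]

def deliver(sender, receiver, dane=False):
    """Outcome of one delivery attempt.
    Plain RFC 3207 STARTTLS is opportunistic: a failed handshake means the sender
    retries in clear text. With a DANE TLSA record (RFC 7672) the sender must use
    TLS, so a failed handshake defers the mail instead of downgrading it."""
    agreed = negotiate(sender, receiver)
    if agreed:
        return "encrypted:%s:%s" % agreed
    return "deferred" if dane else "plaintext"

# Constructed peers: an old sender, a modern sender, a PFS-only TLSv1.2 receiver
# (the "A" policy) and a permissive receiver (the "F" policy aeris prefers).
LEGACY_SENDER = Mta("old-mta", ["TLSv1.0"], ["RC4-SHA", "AES128-SHA"])
MODERN_SENDER = Mta("new-mta", list(PROTO_ORDER),
                    ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"])
STRICT_RECEIVER = Mta("strict", ["TLSv1.2"],
                      ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA"])
PERMISSIVE_RECEIVER = Mta("permissive", list(PROTO_ORDER),
                          ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA",
                           "AES128-SHA", "RC4-SHA"])

def outcomes(receiver, dane=False):
    """Map each constructed sender to what it ends up sending to `receiver`."""
    return {s.name: deliver(s, receiver, dane) for s in (LEGACY_SENDER, MODERN_SENDER)}

if __name__ == "__main__":
    for r in (STRICT_RECEIVER, PERMISSIVE_RECEIVER):
        print(r.name, outcomes(r), "with DANE:", outcomes(r, dane=True))
```

Running it shows the strict receiver getting the old sender's mail in plain text (or deferred once DANE is in place), while the permissive receiver still negotiates TLSv1.0 with AES128-SHA.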