heyjo :3

i think the docs are outdated on the minimum tls version. honestly i am not comfy reading go and don't know enough about mail. i was reading email rfcs and in 8997 it says that the minimum TLS version used by an MSP should be 1.2 or greater. in the docs it says that maddy uses tls 1.0 as its minimum version. when running maddy without any tls options with curl and setting the tls protocol via --tls-max i get anything below 1.2 rejected. i think the way i got the code is that in the default case the tls.Config.MinVersion and tls.Config.MaxVersion are set to 0. honestly i didn't bother to spend more time reading the go lib for crypto much beyond their comment that the default tls version is 1.2 and found this PR from a year back saying that they bumped it. the docs weren't updated since then (tls.md at least). that's why i guess everything is fine, it's just that the docs are outdated.

best regards
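
Added example, not part of the original post and not maddy's code: a Go probe that checks which protocol versions a crypto/tls server accepts when tls.Config.MinVersion is left at 0, the default case the post describes. The names selfSigned and accepts, the in-memory pipe and the throwaway certificate are assumptions made for the example; the result for TLS 1.0 and 1.1 depends on the Go release the binary is built with.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway ECDSA certificate (constructed test data).
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// accepts reports whether a server whose MinVersion is serverMin (0 = library
// default) completes a handshake with a client pinned to exactly clientVer.
// Session tickets are disabled only so the handshake cannot stall on net.Pipe.
func accepts(serverMin, clientVer uint16) bool {
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	cConn.SetDeadline(time.Now().Add(5 * time.Second))
	sConn.SetDeadline(time.Now().Add(5 * time.Second))
	srv := tls.Server(sConn, &tls.Config{Certificates: []tls.Certificate{selfSigned()},
		MinVersion: serverMin, SessionTicketsDisabled: true})
	cli := tls.Client(cConn, &tls.Config{InsecureSkipVerify: true, // throwaway cert, in-memory pipe
		MinVersion: clientVer, MaxVersion: clientVer})
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	cErr := cli.Handshake()
	return cErr == nil && <-done == nil
}

func main() {
	for _, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12, tls.VersionTLS13} {
		fmt.Printf("client pinned to 0x%04x, server MinVersion 0: accepted=%v\n", v, accepts(0, v))
	}
}
```

Building this with the same Go toolchain as the server binary shows what the zero value enforces in that build, independent of what the documentation states.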