Email Routing Support for IPv6 and removal of old TLS


Is there any plans to remove TLS1.0 and 1.1 for Email Routing (beta)? Per NIST SP 800-52 Rev. 2 TLS1.0 and 1.1 is not recommended for any service for any reason, PCI also disallows if (not that anyone should use this service for PCI data).

How about support for IPv6?

Thanks for the report.

We are planning to change the TLS configuration we use, very likely we will remove support for TLS1.0 and allow TLS1.3 (if not already the case).

IPv6 support for MX server and outgoing emails are being worked on at the moment.

1 Like

Perfect thank you. how about DANE? for me it seams like DANE support is everyone is waiting on everyone clients waiting for servers servers waiting on client

Supporting DANE feels like the same to us, only few client supports it. Someone would have to implement it first to gain traction. That said, no concrete plan to support for now.

Indeed Microosft with Exchange Online is implementing this by Q3-Q4 '22 aswell as DNSSEC for their services. So some large actors are taking step. Would be nice of cloudflare even if you are not a large email provider would take steps to show that it is easy to implement (TLSA record which you already do support)

Cat and mice game is never ending I even see this for IPv6 but steps are being taken which is good.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.