In the age of cyber warfare, being paranoid is the only reasonable attitude and that means, among other things, being paranoid about software updates.
TLS 1.3 (with AEAD) and TLS 1.2 cipher suites demystified: how to pick your ciphers wisely
Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites. Pick the wrong settings and you declare an open season on your server.
How to verify the remaining validity of your letsencrypt certificates
In order to figure out how many days your letsencrypt certificates have left, you could check an online services such as:
https://www.ssllabs.com/ssltest/index.html
However, that won’t work for a mail server that’s not also running a web server using the same certificate.
In this case, your best bet is to check the certificate file directly using the openssl command as follows:
openssl x509 -noout -dates -in /etc/letsencrypt/live/smtp.yourmailserverdomainname.com/cert.pem
DROWN, a New Attack on OpenSSL: Millions of OpenSSL-Secured Websites Are at Risk!
A recently discovered security vulnerability in OpenSSL allows a long-deprecated protocol, SSL v2 (Secure Sockets Layer) to be misused in attacks at modern websites. The new attack has been, perhaps fittingly, dubbed DROWN, an acronym for Decrypting RSA with Obsolete and Weakened eNcryption. Cyber security analysts believe it might shut down–or shall we say drown, more than one third of all HTTPS servers. Is yours one of them?