protonmail github addition discussion

[zivian]

i am unable to find discussion about protonmail. where is it?
"Software Suggestion | ctemplar" which taugt a lot of things.

[zivian]

i am wondering why it is still supporting tls 1.0 & 1.1

[dngray]

i am unable to find discussion about protonmail. where is it?

It was added a long time, ago. The discussion would have been in the re-vamp PR #1672

[dngray]

i am wondering why it is still supporting tls 1.0 & 1.1

They do, but there is a server suite preference so, unless the remote email server talks nothing else, it will use newer: https://www.hardenize.com/report/protonmail.com/1620012644#email_tls

[zivian]

@dngray unless the remote email server talks nothing else no comments (i have zero knowledge here)

but Content Security Policy Feature not implemented or disabled. Your server doesn't support this feature. this is worrying me.

[rusty-snake]

but Content Security Policy Feature not implemented or disabled. Your server doesn't support this feature. this is worrying me.

https://mail.protonmail.com/login has a CSP

[zivian]

@rusty-snake login is only important? all other things unimportant?

[rusty-snake]

Every page of https://mail.protonmail.com/ I tested (login, inbox, create/new) has a csp.
Every page of https://protonmail.com/ I tested (like blog) has no csp.

AV https://mail.protonmail.com/: High, untrusted (but sanitized) HTML/CSS of email
AV https://protonmail.com/: Low

Impact https://mail.protonmail.com/: High, emails, password, your personal data, ...
Impact https://protonmail.com/: Low

[zivian]

@rusty-snake thank you. i am still learning so stupid questions.