by smartbit 2747 days ago
The other day I noticed that most mail doesn't come through when disabling TLS 1.0 & TLS 1.1. To my dismay it seems some major SMTP services don't support TLS 1.2. After enabling 1.0 & 1.1 mail came rolling in.

Anyone able to shed some light on what happened there to me?

3 comments

It sounds like you've already figured it out.

You were requiring TLSv1.2 but some other remote mail systems didn't support it and were unable to fall back and, as a result, couldn't negotiate a secure connection.

Or did I miss something?

Check your mail headers as they will show what protocol and cipher was negotiated - you'll be able to see if it was actually 1.0 or 1.1 that was used.

If it was TLS 1.2, disable 1.0/1.1 again and check you still have that cipher available.
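The header check suggested above can be automated. The following is an added example, not code from anyone in this thread: it parses the `Received:` headers of a message and reports which TLS protocol and cipher each hop negotiated, in the two common formats (Postfix writes `(using TLSv1.2 with cipher ... )`, Exim writes `(TLS1.2:CIPHER:bits)`). The message below is constructed sample data; the host names, IDs and ciphers in it are invented for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Postfix style: "(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))"
POSTFIX_TLS = re.compile(r"using (TLSv1(?:\.\d)?|SSLv\d) with cipher (\S+)")
# Exim style: "with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)"
EXIM_TLS = re.compile(r"\((TLS1(?:\.\d)?|SSL\d):([A-Z0-9_-]+):\d+\)")

# Anything below TLS 1.2 is treated as legacy for the purpose of this report.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def _normalise(proto):
    """Map Exim's 'TLS1.1' / 'TLS1.0' spelling onto Postfix's 'TLSv1.1' / 'TLSv1'."""
    proto = proto.replace("TLS1", "TLSv1")
    return "TLSv1" if proto == "TLSv1.0" else proto


def parse_received_tls(received_value):
    """Return (protocol, cipher) for one Received header value.

    Returns (None, None) when the hop carries no TLS annotation, which for
    Postfix/Exim means the connection was plaintext SMTP.
    """
    flat = " ".join(received_value.split())  # unfold the header onto one line
    m = POSTFIX_TLS.search(flat) or EXIM_TLS.search(flat)
    if not m:
        return None, None
    return _normalise(m.group(1)), m.group(2)


def summarise_message(raw):
    """List each hop (newest first, as Received headers are stacked) with its TLS details."""
    msg = message_from_string(raw, policy=default)
    hops = []
    for received in msg.get_all("Received", []):
        proto, cipher = parse_received_tls(str(received))
        hops.append({
            "proto": proto,
            "cipher": cipher,
            "legacy": proto in LEGACY_PROTOCOLS,
        })
    return hops


# Constructed sample message (not a real capture): four hops, mixing a modern
# Postfix hop, an Exim TLS 1.1 hop, a Postfix TLS 1.0 hop and a plaintext hop.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.example.com (Postfix) with ESMTPS id 4F3A1C2B
    for <alice@example.com>; Mon, 01 Jan 2018 10:00:02 +0000
Received: from relay.example.org ([198.51.100.7])
    by mx.example.net with esmtps (TLS1.1:ECDHE_RSA_AES_256_CBC_SHA1:256)
    (Exim 4.89) id 1eXample-0001; Mon, 01 Jan 2018 10:00:01 +0000
Received: from legacy.example.org (legacy.example.org [203.0.113.5])
    (using TLSv1 with cipher AES256-SHA (256/256 bits))
    by relay.example.org (Postfix) with ESMTPS id 7B2C9D
    for <alice@example.com>; Mon, 01 Jan 2018 10:00:00 +0000
Received: from laptop.local (unknown [10.0.0.8])
    by legacy.example.org (Postfix) with ESMTP id 1A2B3C;
    Mon, 01 Jan 2018 09:59:59 +0000
From: bob@example.org
To: alice@example.com
Subject: test

hello
"""

if __name__ == "__main__":
    for i, hop in enumerate(summarise_message(SAMPLE_MESSAGE)):
        flag = " (legacy)" if hop["legacy"] else ""
        print(f"hop {i}: {hop['proto'] or 'plaintext'} {hop['cipher'] or ''}{flag}")
```

Only the first `Received:` line (the hop into your own server) reflects your server's configuration; the earlier hops show what the sending side and its relays negotiated among themselves, which is what to quote when filing a report with the originator. To confirm your own server still offers TLS 1.2 after re-disabling the older versions, `openssl s_client -starttls smtp -connect your.mx:25 -tls1_2` should complete the handshake, while the same command with `-tls1` or `-tls1_1` should fail.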

Determine whether security is important (protip: it is important). If so, then file bug reports to the originators of your missing mail.

It's far better to force them to upgrade than to allow them to force you to be insecure.