Seems like they support more than 3DES. It might be interesting if they shared stats on how many legit MTA's are using old ciphers. <i>Should exclude bots, scanners, etc...</i> There are of course other mitigating factors such as PGP encrypting emails, accepting that some information is still disclosed. That can be further mitigated by using gmail to only perform the initial communication then go out of band for anything sensitive.<p><pre><code> SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 offered (deprecated)
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 offered (OK): final
Testing cipher categories
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA offered
Obsoleted CBC ciphers (AES, ARIA etc.) offered
Strong encryption (AEAD ciphers) with no FS offered (OK)
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)
</code></pre>
Tested with testssl.sh [1]<p>[1] - <a href="https://github.com/testssl/testssl.sh">https://github.com/testssl/testssl.sh</a>