Missing or broken MDC currently does not cause a fatal error to be thrown if some obsolete ciphers are in use (such as CAST5, 3DES). The rationale for this was to support legacy systems. But this has encouraged mail clients to incorrectly treat missing MDC as non-fatal (gnupg says it succeeded, so it must be OK!).
To guard against such practice in the future, we should fail hard on all MDC errors by default, regardless of ciphersuite.
This mitigates CVE-2017-17688