TLS 1.2 Mail Server Security
Through March and April 2019, we will be upgrading our shared email servers to use only modern security methods. This upgrade will result in disabling the TLS v1.0 protocol.
What does this change mean for my server? Is there any software that will no longer work?
Most software or mail clients are unlikely to show any noticeable difference.
However, some software may not be compatible with the changes, since they were created before the current version of TLS was created. You may run into connectivity issues if you have any of the following mail client software installed on your local machine:
- Outlook 2010 and older
- Windows 7 and older
- Apple Mail 9.3 and older
- Mac OS 10.11 (El Capitan) and older
- Mac OS Mojave Version & Mail App 12.2
(may require manual port settings)
- Microsoft Entourage
- Outlook for Mac 2012 and older
- Thunderbird 27 and older
- Windows Live Mail
You will need to update your email progam to a version that supports current secure standards. This would apply to any other programs you may have installed that send email.
What is TLS v1.0?
TLS stands for Transport Layer Security. It’s the security protocol most often used on websites, applications, and email. Whenever you get on the internet, it is likely that you use some version of TLS.
What’s the difference between SSL and TLS?
In order to understand the relationship between SSL and TLS, we must first talk about their timeline.
In 1994, SSL was created. SSL was a security protocol meant to encrypt internet connections. Over time, SSL evolved into TLS. TLS protocols have the same purpose: to encrypt internet connections. So TLS is just an updated, more secure version of SSL.
Because of its close relationship with its predecessor, TLS is often still referred to as “SSL.”
For example, SSL certificates actually use TLS protocols.
So, if TLS is a better version of SSL, why are we disabling it?
We’re not disabling all TLS protocols - only TLS v1.0. TLS v1.0 was released in January 1999, so the protocol is almost twenty years old. The PCI Council, the security standard council for card payments, has also declared that TLS v.1.0 is no longer secure. Because of these factors, it is necessary to disable TLS v1.0 to keep your mail servers secure.