TLS 1.0 and 1.1: Last call!

I wrote on this subject back in July 2018 but, after a number of extensions to the deadline, the plug is finally being pulled on these outdated and insecure protocols.

Microsoft are now under way rolling out updates that will prevent acceptance of email connections from external sources using TLS 1.0 or 1.1. Nexus365 will NEVER use those versions of TLS to send secure outbound email.

It’s important to be aware that Nexus365 uses TLS opportunistically – email which does not use encryption (or if the TLS negotiation fails) Exchange Online will still accept messages unencrypted (if the sending server permits this). Likewise for outgoing email, if the receiving server does not issue a STARTTLS response.

Nexus365 will always attempt to negotiate the highest possible version of TLS which the communicating server supports. Once negotiated in the handshake, that TLS level will be held for the duration of the connection. Should TLS fail Nexus365 will not renegotiate a lower standard: delivery will instead be reattempted without TLS.

If you believe that TLS is the cause of any message-delivery issues, please let us know the SMTP errors logged (for example: “TLS negotiation failed with error SocketError”) and in particular the version of TLS being attempted from the protocol field.


Posted in Uncategorized | Comments Off on TLS 1.0 and 1.1: Last call!

Comments are closed.