Review Older TLS Versions and Cipher Suites

TLS 1.3 is becoming prevalent across messaging platforms as we enter 2025. Exchange Online support for TLS 1.3 is due soon – see this TLS 1.3 Blog Post from office365migrate.com.

TLS 1.2 is commonly used by default to secure message transfer, having superseded the previous versions, TLS 1.0 and TLS 1.1. However, I would expect your email system to receive inbound internet email using opportunistic TLS, which negotiates down to whatever TLS version the sending email system uses. This is an email security risk, and it can sometimes be prevented by a configuration setting in your email system.

Not all email systems are the same, and the configuration required to enforce TLS 1.2 (or higher) varies between them. Usually a report can be generated showing received email traffic broken down by TLS version. I have seen a small percentage of emails using TLS 1.1 on a recent customer project.

To protect against email attacks it is recommended to enforce TLS 1.2 (or higher) for inbound email. Once this is done, review the cipher suites enabled for TLS 1.2, as you can often de-select any that are deemed insecure. Some useful references on TLS cipher suites are here:

https://www.ibm.com/docs/en/zos/3.1.0?topic=protocols-cipher-suite-considerations-when-upgrading-tls-v12

https://developers.cloudflare.com/ssl/edge-certificates/additional-options/cipher-suites/recommendations
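As an added example (not part of the original post), the following Python script produces the kind of received-traffic breakdown by TLS version described above and flags sessions that used an outdated protocol or a TLS 1.2 cipher suite worth de-selecting. The log lines are constructed Postfix-style smtpd entries with RFC 5737 documentation addresses, and the weak-cipher rules are the author's own assumptions, not taken from the references above.

```python
import re
from collections import Counter

# Constructed Postfix-style smtpd log lines (not real traffic); hosts and IPs are documentation values.
SAMPLE_LOG = """\
Jan 10 08:01:12 mx1 postfix/smtpd[2231]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Jan 10 08:02:45 mx1 postfix/smtpd[2240]: Anonymous TLS connection established from smtp.example.org[198.51.100.7]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 08:03:01 mx1 postfix/smtpd[2251]: Anonymous TLS connection established from legacy.example.com[203.0.113.5]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jan 10 08:04:33 mx1 postfix/smtpd[2262]: Anonymous TLS connection established from old.example.com[203.0.113.9]: TLSv1.2 with cipher AES128-SHA (128/128 bits)
Jan 10 08:05:10 mx1 postfix/smtpd[2270]: Anonymous TLS connection established from relay.example.com[203.0.113.12]: TLSv1 with cipher DES-CBC3-SHA (168/168 bits)
Jan 10 08:06:00 mx1 postfix/smtpd[2281]: disconnect from plain.example.com[203.0.113.20] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
"""

LINE_RE = re.compile(
    r"TLS connection established from (?P<peer>\S+): "
    r"(?P<version>TLSv1(?:\.\d)?) with cipher (?P<cipher>\S+)"
)
OUTDATED_VERSIONS = {"TLSv1", "TLSv1.1"}
# OpenSSL cipher-name fragments that indicate a broken or deprecated primitive ("DES" also matches 3DES).
WEAK_FRAGMENTS = ("NULL", "EXPORT", "RC4", "DES", "MD5")

def cipher_issues(version, cipher):
    """Reasons (assumed policy) a negotiated TLS 1.2 cipher suite should be de-selected."""
    reasons = []
    if version.startswith("TLSv1.3"):
        return reasons  # every TLS 1.3 suite is AEAD with forward secrecy
    if any(frag in cipher for frag in WEAK_FRAGMENTS):
        reasons.append("weak primitive")
    if not cipher.startswith(("ECDHE-", "DHE-")):
        reasons.append("no forward secrecy")
    if not any(mode in cipher for mode in ("GCM", "CCM", "CHACHA20")):
        reasons.append("CBC mode (no AEAD)")
    return reasons

def review_tls_log(text):
    """Count inbound TLS sessions per protocol version and list the sessions to act on."""
    by_version = Counter()
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # plaintext sessions and unrelated log lines carry no TLS data
        peer, version, cipher = m.group("peer", "version", "cipher")
        by_version[version] += 1
        reasons = ["outdated protocol"] if version in OUTDATED_VERSIONS else []
        reasons += cipher_issues(version, cipher)
        if reasons:
            findings.append({"peer": peer, "version": version, "cipher": cipher, "reasons": reasons})
    return by_version, findings
```

Run `review_tls_log(SAMPLE_LOG)` to get the per-version counts and the three flagged senders; the same function works on a real mail.log once the regex matches your server's log format.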

In conclusion, the overall advice is to move to TLS 1.3 support for your email system where possible, to ensure you have prevented the use of outdated TLS versions, and to prevent the use of insecure cipher suites.

Contact me for further advice on how to ensure your email TLS configuration is as secure as possible.
