Prepare for TLS 1.3 Support for Mail Transport
TLS 1.3 support is becoming prevalent across messaging platforms as we enter 2025. Exchange Online support for TLS 1.3 is due soon – see this TLS 1.3 Blog Post from office365migrate.com.

TLS 1.2 is currently the default version used to secure message transfer, having superseded the legacy versions TLS 1.0 and TLS 1.1.
Opportunistic TLS Security Risk
I would expect your email system to receive incoming internet email using opportunistic TLS, which will drop down to match the TLS version used by the sending email system. This is an email security risk, and can be prevented by a configuration in your email system.
Enforce TLS 1.2 Transport Security
Not all email systems are the same, and the configuration required to enforce the use of TLS 1.2 (or higher) may be different. Usually a report can be generated showing the received email traffic by TLS version. I have seen a small percentage of emails using TLS 1.1 for a recent customer project.
TLS Security for Court Evidence
The TLS (transport layer security) information in the SMTP message header can be crucial evidence for any expert email witness working on a court case. TLS is part of the overall picture used to demonstrate whether an email was sent or received.
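As an added example (not from the original post or from any mail product), the following Python script builds the per-version report described above from the Received headers of stored messages. The regular expression covers the version tokens commonly written by Postfix, Exchange and Gmail; the sample messages, hostnames and the function names are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Matches the TLS version token that common MTAs write into Received headers,
# e.g. "version=TLS1_2" (Exchange, Gmail) or "using TLSv1.3" (Postfix).
TLS_RE = re.compile(r"TLS\s?v?(1)[._]([0-3])\b", re.IGNORECASE)

def tls_versions(raw_message):
    """One entry per Received header, newest hop first: 'TLS 1.x' or 'none'."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = TLS_RE.search(value)
        # 'none' means no TLS token was logged: plaintext, or an MTA that omits it.
        hops.append(f"TLS {m.group(1)}.{m.group(2)}" if m else "none")
    return hops

def report(messages, minimum=(1, 2)):
    """Tally the TLS version of the topmost hop; list indexes below the minimum."""
    counts, weak = Counter(), []
    for i, raw in enumerate(messages):
        hops = tls_versions(raw)
        top = hops[0] if hops else "none"
        counts[top] += 1
        if top == "none" or tuple(int(x) for x in top[4:].split(".")) < minimum:
            weak.append(i)
    return counts, weak

SAMPLES = [  # constructed messages using reserved example domains and addresses
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tby mx.example.com (Postfix) with ESMTPS id ABC123;"
    " Mon, 6 Jan 2025 10:00:00 +0000\nSubject: a\n\nbody\n",
    "Received: from old.example.net (198.51.100.7) by mx.example.com with\n"
    " Microsoft SMTP Server (version=TLS1_1,"
    " cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)\n"
    " id 15.1.1; Mon, 6 Jan 2025 10:05:00 +0000\nSubject: b\n\nbody\n",
    "Received: from plain.example.net (203.0.113.5) by mx.example.com with SMTP;\n"
    " Mon, 6 Jan 2025 10:06:00 +0000\nSubject: c\n\nbody\n",
]

if __name__ == "__main__":
    counts, weak = report(SAMPLES)
    print(dict(counts), "below TLS 1.2:", weak)
```

Only the topmost Received header, the one stamped by your own receiving server, should be relied on; headers further down are supplied by upstream systems and can be altered before the message reaches you.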
TLS Cipher Review
To protect against email attack, it is recommended to enforce the use of TLS 1.2 (or higher) for inbound email. It is then recommended to review the cipher suites used for the TLS 1.2 protocol, as you can often deselect any cipher suites that are deemed insecure. Some useful references to the TLS cipher suites are here.
Summary | TLS 1.3 Preparation
In conclusion, the overall advice is to move to TLS 1.3 support for your email system where possible, and to ensure you have prevented the use of outdated TLS versions and insecure cipher suites.
Contact me for further advice on how to ensure you have secured your TLS messaging protocol as securely as possible.
If you need help to migrate your legacy email system to Office 365 to make use of TLS 1.3, then contact office365migrate.com.