TLS Implementation question
Question asked by Kevin McNally - March 1, 2016 at 5:31 AM
This may seem like basic stuff, but I am trying to implement TLS and disable SSL 3 with as little impact as possible to our users.
Fortunately I have found a lot of the info I need in the forum (Thanks to Bruce), but I have a couple questions:
1. If we disable SSL 3, will this shut off access to our secure webmail https://samplemailserver.com?
2. If we disable SSL 3, will that cause any email clients connecting over SSL to stop working?
Thank you for your advice.
Kevin McNally
Interactive Palette, Inc.

1 Reply

Scarab Replied
March 1, 2016 at 10:57 AM
Disabling SSL3 will affect users that are using outdated Operating Systems, Email Clients, or Web Browsers. WinXP & Outlook 2003 or before, and any Apple product prior to April 2014 would no longer be able to make secure connections to SmarterMail, either through webmail or through TLS Ports. They can still make insecure connections over Port 80 for webmail and Ports 110, 143, and 25/587 for POP/IMAP/SMTP just fine.
If you disable SSL3 any email clients that were previously configured to use Ports 993, 995, and 465 for POP/IMAP/SMTP will no longer work even if they are using a current OS or Email Client that supports TLS, although you *COULD* bind TLS to those Ports in SmarterMail settings to avoid the Tech Support headache of walking existing customers through changing their Email Client settings to Ports 110, 143, and 25/587.

Although Bruce may beg to differ, disabling SSL3 isn't as important as disabling outdated Cipher Suites (RC4 specifically, leaving AES as the last "secure" Cipher Suite under SSL). SSL3 is tombstoned to go away entirely by Q2 2017, so you would want to migrate eventually, preferably sooner rather than later, but if you have a large percentage of your client base that is still using MacOS X 10.5.7 "Leopard" or iOS 4 or earlier, or Android 3, or WinXP you may want to still offer SSL3 until you can notify clients encouraging them to upgrade their devices and provide them with a cut-off date.
