SM 16 and TLS 1.2 PCI compliante delivery issues

Hi You All

We have a SM 16 server that is fully TLS 1.2, so no TLS 1.1 or 1.0 or SSL anything. I'm seeing in the logs that delivery to mail servers that do not have TSL 1.2 enabled is defaulting to no encryption, it is delivered but appears to be in clear text.

I'm writing because I don't see any solution for this. IISCrypto will turn TLS 1.0 and 1.1 over server wide. I do not know of any component to Windows or 3rd party that would allow specific, TLS protocols per server port.

Example allow Port 25 to deliver TLS 1.1 if 1.2 is not available.

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

echoDreamz Replied

4/22/2018 at 10:12 PM

I dont believe this is possible. It is all or nothing as far as I know. Though if you have TLS 1.1 / 1.2 enabled, it should automatically connect with whatever version is best capable of the client or receiving server.

Merle Wait Replied

4/26/2018 at 11:15 AM

J, just curious if this is still an issue, or you have this resolved?

J Lee Replied

4/26/2018 at 12:04 PM

Not every email server is going to have TLS 1.2 enabled, and if you turn off TLS 1.1 and 1.0, Smartermail can not connect on TLS 1.2 so then it sends the email unencrypted. This is kind of a problem for services like mine that will need to be turn off in June. So no solution

J. Sebastian Lee Service2Client LLC 6333 E Mockingbird Ste 147 Dallas, TX 75214 - 877.251.3273

3 Replies

Reply to Thread

Related Knowledge Base Articles

3 Replies

Reply to Thread

Tags

Related Knowledge Base Articles