TLS Security Update Coming in November
Announcement made by Derek Curtis - August 14 at 10:22 AM
Locked Employee Post Sticky
All,

We sent an email about this to all customers, but I wanted to post it here as well...

As many of you are system administrators you may already be aware that TLS 1.0 and 1.1 are nearing end of life. Technology companies like Microsoft, Google and Apple, as well as financial and governmental institutions have either already removed support for these encryption methods or have plans to deprecate support for them in the next year.

Smartertools has customers across virtually every industry. Based on the various compliance requirements across these industries, customers benefit from how we gather and store data, how we secure our products and services, etc. Deprecating support for TLS 1.0 and 1.1 is a result of our need to meet these compliance standards. Therefore, as of November 1, 2019, SmarterTools products, websites, servers and infrastructure will no longer support these legacy encryption methods. 

How Does This Impact You

When you interact with our website and when using products that connect to us, you’ll want to make sure you do so using web browsers and devices that support TLS 1.2 and later. Below is a list of these that do NOT fully support TLS 1.2:

  • Chrome 72 and earlier
  • Firefox 5.0 and earlier
  • IE 8 – 10 on Windows 7 and earlier
  • IE 10 on Windows Phone 8
  • Safari 6.0.4/ OS X 10.8.4 and earlier
  • Android 4.3 and earlier

Because we were aware that this was coming back in 2015, we implemented TLS 1.2 compatibility in SmarterMail 14.2, SmarterTrack 11.5 and SmarterStats 11.0 while still offering support for other TLS versions. Therefore, if you’re running those versions, or any versions AFTER those, you will see no impact. If you’re running versions earlier than those, you will have problems connecting to our infrastructure as well as using various other servers and services across the internet. For example:

  1. In SmarterMail, mail servers such as Office 365 and Yahoo! will start rejecting email if you still attempt to connect using TLS 1.0/1.1, after those mail servers deprecate their support.
  2. In SmarterTrack, if you’re connecting to something like Office 365 for your POP and/or SMTP accounts, those functions will no longer work once Office 365 deprecates TLS 1.0/1.1.
  3. In SmarterStats, Site Tuning may no longer work properly if you’ve disabled TLS 1.0/1.1 for your site.

Even if these issues don’t affect you, simply using products with outdated security measures will put yourself and your users at risk.

This deprecation of encryption protocols, across various industries and by all technology companies, is just another example of why it’s critical for you to keep Maintenance and Support active and stay up-to-date on every piece of software you use. The internet is constantly changing. New threats and new vulnerabilities are found constantly. As we're fully aware of this, a good amount of our time is spent staying on top of these threats, improving our products and introducing new ways to keep you and your users protected.

Derek Curtis
COO
SmarterTools Inc.
(877) 357-6278