Is anyone yet blocking outright TLS 1.0 and TLS 1.1 to their servers?
Question asked by Michael - 12/3/2019 at 2:04 PM
Unanswered
We stand ready to do this, but it's unclear if we need to keep TLS 1.0/1.1 open for SMTP communication. Is it fair to assume all the major providers are handling SMTP traffic now over TLS 1.2?

5 Replies

Reply to Thread
0
Employee Replied
Employee Post
Michael,

I believe the word is that Microsoft (Outlook.com/Office 365) and Google (Gmail/G Suite) plan to have fully switched to TLS 1.2 by January or February 2020.  I'm not 100% certain about other providers.
2
echoDreamz Replied
We still see a lot of TLS 1.0 connections into our mail server, so it seems like we cannot yet fully disable it. Though, all the big players are all TLS 1.2.

Christopher

0
Michael Replied
It seems that once Microsoft and Google are fully enforcing only TLS 1.2, that would be the trigger for the rest of us. Since by that point if you aren't exclusively TLS 1.2, you won't be able to talk to account holders working with the big boys. @ben how might we track their official plans, do you know?
0
Employee Replied
Employee Post
Michael,

It seems I was a little off on Microsoft.  Their official timetable for deprecating older TLS versions is June 2020:


I'm still trying to find the official announcement from Google for you.
0
Employee Replied
Employee Post
Michael,

Just a further update on this.  I still haven't been able to turn up an official announcement from Google regarding Gmail/G Suite.  However, they are definitely deprecating support for older versions of TLS in Chrome by March 2020.  This will effectively render it impossible for anyone using Chrome to access login pages for webmail if they aren't being served over at least TLS 1.2.  

Here's the announcement from the Chromium team:

Reply to Thread