Secure email with TLS v1.2

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
We have a customer that has a PCI compliant server cluster. We recently made a move to fully disable TLS v1 (Transport Layer Encryption, the successor to SSL) since it will no longer be considered PCI compliant as of June 2016.

After doing so, we learned 2 interesting thing.


A) Even though Windows 7 "includes" and "supports" TLS, it is disabled by default. In order to to use the most current and secure TLS in Windows 7, you have to add the following registry keys.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000



B) Aparently, Apple has decided to disable TLS support on the iPhone and iPads....
We have been working to find the reason we are unable to connect via a iPad or iPhone once TLS v1 is disabled. After speaking to a Apple online tech, we were told that this week, Apple pushed out an update that disabled TLS support.....


Has anyone else run into this issue?
 

ElixantTechnology

Well-known member
Registered
Joined
Nov 26, 2014
Messages
281
Points
43
EDIT: I read this wrong; ignore my last comment.

No, I haven't come across this issue as of yet.... Also, last I checked, TLS 1.1+ are only disabled in Internet Explorer, and should be functional everywhere else.... That leads me to the next question; why are they still using Internet Explorer?
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
Ug, I can't stand IE and haven't used it in years!

Sorry, I should have been more specific, the issue was not with http, but with POP3. Aparently there are quite a few "new" devices that have yet fully caught up to the latest standard and will crap out if they can't fall back to TLSv1
 

ElixantTechnology

Well-known member
Registered
Joined
Nov 26, 2014
Messages
281
Points
43
That would explain why I have had more and more iPhone customers coming into the store with issues relating to connecting to their E-Mail accounts......
 

RDO Servers

Well-known member
Registered
Joined
Apr 3, 2015
Messages
1,027
Points
83
RDO Servers
Yep!

According to the Apple tech I spoke to, the recent update was to "fix" security vulnerabilities. When in fact, they actually downgraded the security on them.....

Gotta love Apple!
 
Older Threads
Replies
1
Views
2,755
Replies
0
Views
2,376
Replies
0
Views
2,052
Replies
1
Views
2,097
Newer Threads
Replies
0
Views
2,683
Replies
27
Views
10,499
Replies
6
Views
3,425
fwh

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top