Providing Business Class
Web Hosting Since 1996
Sales Chat

<< Blog Home

Email client SSL/TLS issues


Tuesday, June 12th, 2018 - General

An upcoming change to our servers will affect some older email clients (potentially older browsers as well).

Changes to the way security is run on the servers is going to change the available ciphers and only allow for TLS version 1.2. The aim here is to provide better security throughout the Internet. Known issues with TLS versions 1.0 and 1.1 essentially make them insecure.

Most users won’t notice this change. If you are using a modern email client, browser, and operating system then it’s probably already using TLS 1.2, and if not, it will switch to it when other insecure TLS versions are unavailable.

But if you are using an older email client, such as Outlook 2007 or Windows Live Mail (plus many others – too many to list), you will likely be affected by this. It is important to note that both Outlook 2007 and Windows Live Mail are end of life. That means they are no longer supported by their developer any more. And anything that is end of life, you really shouldn’t be using any more. You can’t expect end of life’d software to continue to be updated and work in modern system. It just doesn’t work that way.

So if you encounter an issue checking or sending out mail – consider the email client that you are using and if it is up to date and being kept up to date. If it’s end of life, then you really need to switch to a modern email client and/or operating system.

This will only affect you if you use one of these email client AND use secure mail settings. You can continue to use your old email client, you just can’t use secure settings – but we don’t recommend doing that. The best solution is to update to a modern email client or operating system.

We recommend Thunderbird, although any modern email client should be sufficient:

https://www.thunderbird.net

Additionally, you can use webmail to log into your email accounts. Simply point your browser to:

http://yourdomain.com/webmail

Enter the email address you want to check as the username and the password is that email account’s corresponding password. (Replace yourdomain.com with your actual domain name you have hosted with us).

All of this is being done with an object of making the Internet more secure. The Internet cannot be secure if insecure protocols and system are allowed to continue to operate. All of those insecurities will eventually be phased out.

Update – June 13, 2018

If you are having issues with this and you are using one of Microsoft’s Outlook products on Windows 7, then you might try applying this patch:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Some have made progress by utilizing this patch to update their Outlook to allow for modern and updated versions of TLS. But if you are depending on an outdated or discontinued version of Outlook, this patch probably won’t help you.

Update – June 14, 2018

So what’s the bottom line?

If you have been sent to this post or if you are otherwise affected by this then this statement rings true:

You are using an email client or operating system that does not support valid security protocols.

Perhaps this can be fixed, perhaps not. We’re really not going to know. There are just too many email clients out there for us to have knowledge about what settings are where and what patches may or may not need to be applied. It’s best to contact the developer or vendor of the product you are using.

But chances are, if you are having problems with this, then the product you are using has reached it’s end-of-life and that may have occurred several years ago. Up until this latest server update, secure connections using TLSv1 were still being allowed. But it’s important to note that TLSv1 connections were never secure to begin with. That is why they have been disabled. To raise awareness that the client and operating system you have been using is not secure.

The Internet is always on, always available – which means it has to be secure. This means things have to change in order for it remain secure. When security vulnerabilities are discovered in Internet protocols, you can’t expect a secure Internet to continue to use those protocols. This is what has happened here. Vulnerabilities in TLSv1 have been known about for some time, but the Internet industries were giving people time to migrate to knew clients, programs, and protocols before completely shutting down TLSv1. The shut down of TLSv1 is beginning now.


Copyright AMSComputer Services, Inc. All rights reserved.

Products and Services
Infrastructure
Datacenter Information
About Us
Policies and TOS
Support
Open a Support Ticket
Guides and Information
Support Blog
Access Welcome Letter


logo_placeholder logo_placeholder logo_placeholder logo_placeholder

logo_placeholder       logo_placeholder       logo_placeholder