Disabling Opportunistic TLS 1.0, TLS 1.1

The change disables opportunistic TLS 1.0 and TLS 1.1, along with a short list of ciphers: ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, and AES256-SHA.

This change was motivated by the security community’s consensus to recommend deprecation of these protocols. These protocols have multiple known vulnerabilities of varying severity. Other security vendors are making similar changes; for example, see https://learn.microsoft.com/en-us/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-worldwide.

Prior to making the change, Proofpoint audited our MTAs and found that only about 0.1% of SMTP connections were using these deprecated protocols and ciphers. Furthermore, given that almost all SMTP clients use STARTTLS opportunistically, the clients would fall back to an unencrypted transmission if a secure connection could not be negotiated.

Given the combination of the extremely low usage of the protocols observed along with the transparent fallback to an unencrypted connection, we believed that any customer impact would be very unlikely.

In the future, we will provide advance notice of any changes that may have a customer-facing impact.

Currently, our MTAs support TLS 1.2, TLS 1.3 and the following list of ciphers:

• TLS_AES_128_GCM_SHA256
• TLS_CHACHA20_POLY1305_SHA256
• TLS_AES_256_GCM_SHA384
• ECDHE-RSA-AES128-GCM-SHA256
• ECDHE-RSA-CHACHA20-POLY1305
• ECDHE-RSA-AES256-GCM-SHA384
• ECDHE-RSA-AES128-SHA256
• ECDHE-RSA-AES256-SHA384
• AES128-GCM-SHA256
• AES256-GCM-SHA384
• AES128-SHA256
• AES256-SHA256
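To find out which of your own mail peers are affected, you can run the same kind of audit described above against your MTA logs. The following is an added example, not Proofpoint code: it assumes Postfix-style "TLS connection established" log lines, the sample log lines are constructed, and the function names are hypothetical. The protocol and cipher lists are the ones given on this page.

```python
import re
from collections import Counter

# Lists copied from this page.
DISABLED_PROTOCOLS = {"TLSv1", "TLSv1.1"}
DISABLED_CIPHERS = {"ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
                    "AES128-SHA", "AES256-SHA"}
SUPPORTED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
SUPPORTED_CIPHERS = {
    "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
    "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256",
}

# Assumption: Postfix-style handshake summary lines (inbound "from", outbound "to").
TLS_LINE = re.compile(r"TLS connection established (?:from|to) (?P<peer>\S+): "
                      r"(?P<proto>TLSv[\d.]+) with cipher (?P<cipher>[\w-]+)")

def classify(proto, cipher):
    """Compare one negotiated protocol/cipher pair with the lists on this page."""
    if proto in DISABLED_PROTOCOLS:
        return "deprecated-protocol"
    if cipher in DISABLED_CIPHERS:
        return "removed-cipher"
    if proto in SUPPORTED_PROTOCOLS and cipher in SUPPORTED_CIPHERS:
        return "ok"
    return "not-listed"

def audit(lines):
    """Return (Counter of verdicts, [(peer, proto, cipher, verdict)] for non-ok peers)."""
    counts, flagged = Counter(), []
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS handshake summary line
        verdict = classify(m["proto"], m["cipher"])
        counts[verdict] += 1
        if verdict != "ok":  # with opportunistic STARTTLS these peers may fall back to plaintext
            flagged.append((m["peer"], m["proto"], m["cipher"], verdict))
    return counts, flagged

# Constructed sample log lines (documentation hostnames and addresses, not real traffic).
SAMPLE_LOG = [
    "Jan 10 09:00:01 mx1 postfix/smtpd[2101]: Anonymous TLS connection established from legacy.example.org[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)",
    "Jan 10 09:00:02 mx1 postfix/smtp[2102]: Trusted TLS connection established to mx.example.net[198.51.100.5]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Jan 10 09:00:03 mx1 postfix/smtpd[2103]: Anonymous TLS connection established from relay.example.com[203.0.113.7]: TLSv1.2 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)",
    "Jan 10 09:00:04 mx1 postfix/smtpd[2104]: Anonymous TLS connection established from new.example.com[192.0.2.44]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "Jan 10 09:00:05 mx1 postfix/smtpd[2105]: connect from plain.example.com[192.0.2.99]",
]
```

Calling `audit()` on your real log lines returns the verdict counts and the list of peers to follow up with before they silently drop to unencrypted delivery.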
