Announcement: Mailfence will stop support for TLS 1.0 and 1.1 starting June 2nd, 2020

TLS 1.0 and 1.1

TLS is a protocol that encrypts traffic between a client program and the server. It also ensures that the software client is talking to the right server. Protocols are continuously being improved through the release of new versions mostly because vulnerabilities are being found in the old ones. Those vulnerabilities can result in TLS being ineffective or compromised.

TLS 1.0 and 1.1 are out-of-date protocols that do not support modern cryptographic algorithms. They contain security vulnerabilities that may be exploited by attackers. An official effort on deprecating TLSv1.1 and TLSv1.0 is also underway, following guidelines by NIST and industry consortia such as the Payment Card Industry Association (PCI).

Announcement

We are now announcing that protocols TLS 1.0 and TLS 1.1 will no longer be accepted to access non-web Mailfence services (SMTP, IMAP, POP and XMPP) starting June 2nd, 2020.

We have done similar operation in the past, by disabling SSLv3 on all end-points and by disabling TLSv1.0 and TLSv1.1 for web on 01/10/2019. Please find below the current timeline.

ServiceDeprecation date
Web01/10/2019
SMTP (AUTH, MX)02/06/2020
IMAP02/06/2020
POP02/06/2020
XMPP02/06/2020

Using TLS 1.2 and above will ensure greater security when accessing Mailfence services.

Will this impact me?

If you are using a modern browser and modern client program, this change will not affect you. However, if you are using an older client program then you will need to change your configuration or upgrade your software if it can’t support TLS 1.2.

To guard against any disruption in service, we recommend everyone to update their older client program before June 2nd, 2020. Please consult your client program documentation for further details.

In case anything is not clear, or if you have questions, feel free to let us know.

Get your secure email

Mailfence is a secure and private email-suite.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Avatar for Mailfence Team

Mailfence Team

End-to-end encrypted e-mail service that values and respects your privacy without compromising the ease-of-use. @mailfence @mailfence_fr

You may also like...