Page 1 of 1
Chrome states webmail is no longer secure due to TLS1.0
Posted:
Thu Sep 03, 2015 9:24 am
by Jodrik
I have attached a screen-shot which now makes Chrome state that TLS 1.0 sites are no longer secure. When is AMS moving to TLS 1.1 or above?
Re: Chrome states webmail is no longer secure due to TLS1.0
Posted:
Thu Sep 03, 2015 10:53 pm
by HVGS
Hi,
There is an option in 3.2.6 to choose the TLS level.
1.0/1.1 or 1.2 can be selected.
It's under the general option then security tab.
I upped to 1.2 but found old iphones (running IOS7) cannot connect to any secure services as this is a global setting.
Regards,
Phil
Re: Chrome states webmail is no longer secure due to TLS1.0
Posted:
Fri Sep 04, 2015 8:52 am
by Code Crafters
HGVS is right that we've disabled SSL v2/3 support for listening services (SMTP, POP3, IMAP4, WebMail, Remote Admin) and have introduced a general setting to pick TLS v1.0, v1.1 or v1.2.
Picking a newer TLS version is more secure but also less compatible with older mail clients which is why we've up to now left TLS v1.0 as default.
If you feel that a TLS version setting per service would be useful then we can always keep a general setting default and introduce optional overrides for each service. Obviously mail clients using SMTP, POP3 and IMAP4 will only support the same versions for all 3 services but web browser based services (Webmail and Remote Admin) may benefit from being a different TLS version.
Re: Chrome states webmail is no longer secure due to TLS1.0
Posted:
Fri Sep 04, 2015 10:10 am
by Jodrik
I found the setting but my problem was actually in the fact that I used an old cypher suite on requesting the certificate. I re-issued my certificate and that solved the problem.
Re: Chrome states webmail is no longer secure due to TLS1.0
Posted:
Sat Sep 05, 2015 9:23 pm
by Code Crafters
Thanks for the feedback. Glad you managed to solve the issue.