Code Crafters

I have attached a screen-shot which now makes Chrome state that TLS 1.0 sites are no longer secure. When is AMS moving to TLS 1.1 or above?

Hi,

There is an option in 3.2.6 to choose the TLS level.
1.0/1.1 or 1.2 can be selected.

It's under the general option then security tab.

I upped to 1.2 but found old iphones (running IOS7) cannot connect to any secure services as this is a global setting.

Regards,
Phil

HGVS is right that we've disabled SSL v2/3 support for listening services (SMTP, POP3, IMAP4, WebMail, Remote Admin) and have introduced a general setting to pick TLS v1.0, v1.1 or v1.2.

Picking a newer TLS version is more secure but also less compatible with older mail clients which is why we've up to now left TLS v1.0 as default.

If you feel that a TLS version setting per service would be useful then we can always keep a general setting default and introduce optional overrides for each service. Obviously mail clients using SMTP, POP3 and IMAP4 will only support the same versions for all 3 services but web browser based services (Webmail and Remote Admin) may benefit from being a different TLS version.

I found the setting but my problem was actually in the fact that I used an old cypher suite on requesting the certificate. I re-issued my certificate and that solved the problem.

Thanks for the feedback. Glad you managed to solve the issue.