cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1396
Views
6
Helpful
3
Replies

ESA SMTP TLS

cyberurmel
Level 1
Level 1

Hello there, 

just perhaps a few simple questions for the professionals - could you be so kind to answer ? 

Mailsettings at moment : 

TLS 1.1  1.2 preferred for in and outbound 

questions : 

- anyone know when 1.3 is offered in ESA

- can i see how much from the incoming are using 1.1 instead of 1.2? 

i only find encrypted in summary . 

is it useful or best practices currently to disable 1.1 and set expected instead of preferred? 

thanks a lot 

 

Regards

 

 

 

1 Accepted Solution

Accepted Solutions

The last roadmap I saw said 2H2023 (fiscal year, so... Aug?) They know that reporting on TLS1.1/1.2 etc. is weak, and more detailed reporting is coming, probably same time frame..
In the mean time you can look at your mail logs, they have the detail you're looking for.
I would check your logs for the past 6months... if no-one is using TLS1.1, you're probably safe turning it off...

View solution in original post

3 Replies 3

The last roadmap I saw said 2H2023 (fiscal year, so... Aug?) They know that reporting on TLS1.1/1.2 etc. is weak, and more detailed reporting is coming, probably same time frame..
In the mean time you can look at your mail logs, they have the detail you're looking for.
I would check your logs for the past 6months... if no-one is using TLS1.1, you're probably safe turning it off...

Hi Ken,



thanks a lot..



so i found nothing with

grep "TLSv1.1" mail_logs and a flood with grep "TLSv1.2" mail_logs



so you think that's an useful indicator to switch only to 1.2?

And as addon ..what do you think is better way - to accept only 1.2 or fallback to not encrypted? As I can see currently about 10 % is not encrypted.



Best Regards




Any news on this potential better reporting for TLS (or no TLS) and cipher used as we are moving out of TLS1.0, 1,1,1,2 and now 1,3 ?

That would be really valuable to investigate and detect non-compliant senders! even more with YAHOO and GOOGLE enforcing TLS and DMARC compliance

ref : https://dmarcian.com/yahoo-and-google-dmarc-required/