Secure email with TLS v1.2

RDO Servers

New member
Joined
Apr 3, 2015
Messages
770
Points
0
We have a customer that has a PCI compliant server cluster. We recently made a move to fully disable TLS v1 (Transport Layer Encryption, the successor to SSL) since it will no longer be considered PCI compliant as of June 2016.

After doing so, we learned 2 interesting thing.


A) Even though Windows 7 "includes" and "supports" TLS, it is disabled by default. In order to to use the most current and secure TLS in Windows 7, you have to add the following registry keys.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000



B) Aparently, Apple has decided to disable TLS support on the iPhone and iPads....
We have been working to find the reason we are unable to connect via a iPad or iPhone once TLS v1 is disabled. After speaking to a Apple online tech, we were told that this week, Apple pushed out an update that disabled TLS support.....


Has anyone else run into this issue?
 

ElixantTechnology

New member
Joined
Nov 26, 2014
Messages
622
Points
0
EDIT: I read this wrong; ignore my last comment.

No, I haven't come across this issue as of yet.... Also, last I checked, TLS 1.1+ are only disabled in Internet Explorer, and should be functional everywhere else.... That leads me to the next question; why are they still using Internet Explorer?
 

RDO Servers

New member
Joined
Apr 3, 2015
Messages
770
Points
0
RDO Servers
Ug, I can't stand IE and haven't used it in years!

Sorry, I should have been more specific, the issue was not with http, but with POP3. Aparently there are quite a few "new" devices that have yet fully caught up to the latest standard and will crap out if they can't fall back to TLSv1
 

ElixantTechnology

New member
Joined
Nov 26, 2014
Messages
622
Points
0
That would explain why I have had more and more iPhone customers coming into the store with issues relating to connecting to their E-Mail accounts......
 

RDO Servers

New member
Joined
Apr 3, 2015
Messages
770
Points
0
RDO Servers
Yep!

According to the Apple tech I spoke to, the recent update was to "fix" security vulnerabilities. When in fact, they actually downgraded the security on them.....

Gotta love Apple!
 
Older threads
Replies
1
Views
3,931
Replies
5
Views
6,654
Replies
0
Views
4,785
Replies
2
Views
2,531
Newer threads

Referral contests

Referral link for :

Sponsors

Popular tags

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top