Challenges with maintaining Legacy systems
It can make perfect sense to continue to run existing reliable and proven systems, especially if operational requirements have not changed. Alas, the developing nature of technology means that from time to time, issues arise.
Changes to email encryption protocols
Modern computer communication services support the Transport Layer Security (TLS) encryption protocol. This aims to protect the information sent and received over a standard Simple Mail Transfer Protocol (SMTP) connection between two computers while ensuring that they both agree and understand the method of data transfer.
However, the earlier versions, TLS 1.0 and 1.1, have been deemed by the industry to be not secure enough and have been superseded by versions 1.2 and 1.3. You and/or your service provider may have already transitioned to the latest protocols. However, if you have old hardware running legacy software, you may find your email stops working as support from service providers is withdrawn.
How you can tell if it’s an issue
If you’re using an Apple Mac then the Safari Browser has supported TLS 1.2 for web traffic protection since version 7 in 2013. However, if you’re still running ‘El Capitan’ OSX 10.11 with Apple Mail 9.3, it won’t support TLS 1.2 for email. Other computer hardware and software combinations may also run into problems.
Most browsers including Safari ended support for TLS 1.0 and 1.1 in March 2020, and various service providers have either already dropped or soon will withdraw operation of the older TLS protocols.
For instance, one.com will stop support of TLS 1.0 and 1.1 on 17th August 2021. Other service providers may have different end of life dates. If you’re using the one.com service then there’s an easy way to check:
send an email to protocol@tls-check.one.com.
This will provide an automated reply telling you what protocol you’re using (works with iPhones and iPads too), like this:
{
"started": true,
"protocol": "TLSv1.2",
"cipher": "ECDHE-RSA-AES256-GCM-SHA384",
"keysize": 256
}
Other service providers may have similar methods of verifying the protocols, so it’s worth checking with them. Failing that, you may be able to examine the headers of your emails, to look for something like this:
version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
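The header check described above can be automated. The following is an added example, not part of the original article: it reads the Received headers of a saved message and reports the TLS version recorded for each hop, flagging anything below TLS 1.2. The sample message and host names are constructed, and the second header form ("using TLSv1 with cipher ...", as written by Postfix-style servers) is an assumption that goes beyond the single format shown here.

```python
import re
from email import message_from_string

# Two ways a server may record TLS details in a Received header:
#   version=TLS1_2 cipher=... bits=128/128        (the form shown in this article)
#   using TLSv1.2 with cipher ... (256/256 bits)  (Postfix-style form, an assumption)
TLS_PATTERNS = [
    re.compile(r"version=(?P<ver>TLS[\w.]+)\s+cipher=(?P<cipher>[\w-]+)"),
    re.compile(r"using\s+(?P<ver>TLSv[\d.]+)\s+with\s+cipher\s+(?P<cipher>[\w-]+)"),
]

# Constructed sample message (hypothetical hosts, documentation IP ranges).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTPS id abc123
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
\tMon, 02 Aug 2021 10:00:02 +0000
Received: from oldmac.example.net (unknown [198.51.100.7])
\t(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
\tby mail.example.net (Postfix) with ESMTPSA id 4F2C1;
\tMon, 02 Aug 2021 10:00:01 +0000
Received: by oldmac.example.net (local queue); Mon, 02 Aug 2021 10:00:00 +0000
From: user@example.net
Subject: TLS check

body
"""

def normalise(ver):
    """Turn 'TLS1_2' or 'TLSv1.2' into (1, 2); a bare 'TLSv1' becomes (1, 0)."""
    digits = [int(d) for d in re.findall(r"\d+", ver)]
    return (digits[0], digits[1] if len(digits) > 1 else 0)

def audit_hops(raw_message, minimum=(1, 2)):
    """Return one dict per Received header, newest hop first."""
    results = []
    for hop in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(hop.split())  # unfold continuation lines
        match = next((m for m in (p.search(flat) for p in TLS_PATTERNS) if m), None)
        if match is None:  # no TLS details recorded: cannot tell from this hop
            results.append({"protocol": None, "cipher": None, "status": "unknown"})
            continue
        ver = normalise(match.group("ver"))
        results.append({"protocol": "TLS %d.%d" % ver, "cipher": match.group("cipher"),
                        "status": "ok" if ver >= minimum else "outdated"})
    return results

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

To check a real message, save its full source (headers included) to a file and pass the file's text to `audit_hops` in place of `SAMPLE`.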
Solutions if you’re affected
To ensure your email continues to function, the options include:
- Updating your operating system. In the case of Apple Mail on Mac computers, this means moving to ‘Sierra’ OSX 10.12 as Mail cannot be separately upgraded.
- Using a different email client with TLS 1.2 support, e.g. Mozilla Thunderbird.
- Using a browser-based solution for your email.
- Changing your settings to send and receive email without encryption (not recommended).
Balancing New Requirements and Legacy Support
If you want to stick with your current hardware and software choices, this does present a problem, particularly if you’re otherwise happy with your setup and are unable to upgrade.
Alas, if you want full compatibility (and security) with the latest industry-supported functionality whilst retaining operation of other legacy applications, you will need to consider investing in new hardware to run in parallel with the older systems, which continue to be maintained to perform dedicated compatibility functions.
YellowsBest: Keeping Customers Operational
If you have similar or other new requirements and legacy maintenance needs, please get in touch to discuss how we may be of assistance to keep you operational.