TLS1.2 or 1.3 to send e-mail

markus.albisser · ‎2025-03-18

Dear all

We try to configure e-mail settings out of the EcoStruxure IT Datacenter Expert. The requirement here is that we have to use either TLS1.2 or 1.3. But in the configuration, I only have the option of STARTTLS, which is not accepted by our mail provider.

Is there a schedule when native TLS1.2 or 1.3 would be implemented? Actually we are on the version 8.3.0.

Thanks a lot

Markus

JLehr · ‎2025-03-20

Hi @markus.albisser,

The Security policy configured in the desktop client System > Server Administration Settings > Server Access > Security Policy option governs that.

There's a help center article that has a link to security policy definitions from Red Hat.

You'll see that the Default security policy allows TLS 1.2 annd 1.3 protocols.

markus.albisser · ‎2025-03-20

Hi @JLehr

Thank you for your input. I checked the Security Policy Option, we have it set to "Future". According to the documentation it should support TLS1.2 and TLS1.3.

But I am not sure if I formulated my question correctly. Here I am not talking about the web access to the server, it is more how to send e-mails. And when I configure System -> Server Administration Settings -> E-mail Settings, I can use the checkbox for "Secure SMTP". But here it tells that the STARTTLS extension is needed. And when I read through the documentation, the initial mail connection is in plain text before the client/server starts the handshake for the encryption cypher. And this is the point that our provider does not accept any plaintext connection, therefore it does not accept STARTTLS. The aim is that the client directly goes into a handshake for TLS1.2 or 1.3 with the server.

Based on this one I am not sure if the DCE supports this one.

Thank you

Markus

markus.albisser · ‎2025-03-27

Dear community

I just want to ask if someone knows more about the encrypted mail sending here, instead of STARTTLS. Of course also the question again @JLehr , if I probably misunderstood your feedback?

Thanks a lot

Markus

JLehr · ‎2025-03-31

Hi @markus.albisser,

We're looking into this further.

JLehr · ‎2025-03-31

Hi Again @markus.albisser,

I misspoke. I apologize for that. DCE only supports secure mail via STARTTLS.

A feature request was logged to support a TLS negotiation option without STARTTLS, where DCE would negotiate TLS upon connecting to the SMTP server.

TLS1.2 or 1.3 to send e-mail

TLS1.2 or 1.3 to send e-mail

This is a heading