Which version of TLS is used in E-Mail Configuration?

Version 1

    Details

    In the email configuration it is possible to use SSL/TLS. Which version is supported?


     


    Resolution

    HEATSM doesn't have explicit SSL/TLS versions in it's configuration. The HEATSM application uses the underlying .NET framework and OS for managing the TLS connections.

    The application relies upon .NET Framework and OS to decide on the configurations that are enabled.

    As long as both origin and destination have a common TLS protocol support, then the application should work without any issues.

    Our  product supports any combinations with the constraint that there must  be at least one common TLS protocol enabled at both origin and  destination.

    Windows Vista and Windows Server 2008 does not support TLS 1.1 & TLS 1.2.
    Windows 7 & Windows 2008 R2 has capability to support TLS 1.1 & TLS 1.2 but not enabled on by default.
    All other later operating systems have support for TLS 1.1 & TLS 1.2.
    .NET Framework 4.5.1 has support for TLS 1.1 and TLS 1.2 but not enabled by default
    .NET Framework 4.6 has TLS 1.1 & TLS 1.2 enabled by default.

    Please make sure that the latest service pack are installed and cumulative updates on all machines where HEAT applications are installed.

    Make sure that .NET Framework 4.6 is installed on machines where HEAT application is installed.

    Microsoft provides the ability to restrict what type TLS connections are possible at both incoming connections and out going connections independently.

    It is possible to restrict to allow only TLS 1.2 for all incoming connections why still supporting multiple versions for out going connections.

    These TLS restrictions are enforced at both network connection origination machine and network connection termination machine.

    Please refer to the following articles to get more information on TLS support on windows.

    https://support.microsoft.com/en-us/kb/245030
    https://technet.microsoft.com/en-us/library/dn786418.aspx
    http://blogs.msdn.com/b/kaushal/archive/2011/10/02/support-for-ssl-tls-protocols-on-windows.aspx
    https://support.microsoft.com/en-gb/kb/3080079
    http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx