Proofpoint has removed support for TLS 1.0 and 1.1 this week. Going forward, only TLS 1.2 and higher will be supported. This also impacts customers who have set up SMTP Auth for scanners, printers and other devices. We apologize that this change impacted our customers.
The change we made includes disabling opportunistic TLS 1.0, TLS 1.1 and a short list of ciphers:
- ECDHE-RSA-AES128-SHA
- ECDHE-RSA-AES256-SHA
- AES128-SHA
- AES256-SHA
This change was motivated by the security community’s consensus to recommend deprecation of these protocols. These protocols have multiple known vulnerabilities of varying severity. Other security vendors are making similar changes; for example, see https://learn.microsoft.com/en-us/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-worldwide.
Prior to making the change, we audited our MTAs and found that only about 0.1% of SMTP connections were using these deprecated protocols and ciphers. Furthermore, given that almost all SMTP clients use STARTTLS opportunistically, the clients would fall back to an unencrypted transmission if a secure connection could not be negotiated.
Given the combination of the extremely low usage of the protocols observed along with the transparent fallback to an unencrypted connection, we believed that any customer impact would be very unlikely.
In the future, we will provide advance notice about any changes that may have a customer-facing impact.
Currently, Proofpoint's MTAs support TLS 1.2, TLS 1.3 and the following list of ciphers:
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES256-SHA384
- AES128-GCM-SHA256
- AES256-GCM-SHA384
- AES128-SHA256
- AES256-SHA256
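As an added check (example code written for this notice, not Proofpoint's own tooling), the script below connects to a relay host you supply, requires STARTTLS, restricts the client to TLS 1.2 or higher, and reports whether the negotiated cipher is on the retired list or the supported list above. The host name `mail.example.com` is a placeholder; the script never sends credentials.

```python
import smtplib
import ssl

# Cipher names exactly as the notice lists them (OpenSSL naming, which is
# also what ssl.SSLSocket.cipher() returns after the handshake).
RETIRED_CIPHERS = {
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA", "AES128-SHA", "AES256-SHA",
}
SUPPORTED_CIPHERS = {
    "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
    "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256",
}


def classify_cipher(name: str) -> str:
    """Map a negotiated cipher name to the notice's retired/supported lists."""
    if name in RETIRED_CIPHERS:
        return "retired"
    if name in SUPPORTED_CIPHERS:
        return "supported"
    return "unknown"


def make_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS 1.0/1.1, mirroring what the MTA now enforces."""
    ctx = ssl.create_default_context()  # verifies the server certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_starttls(host: str, port: int = 587, timeout: float = 10.0) -> dict:
    """Connect, require STARTTLS, and report the negotiated protocol and cipher.

    Raises instead of continuing when STARTTLS is not offered, because an
    opportunistic client would silently fall back to plaintext at that point.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError(f"{host}:{port} offers no STARTTLS; clients would fall back to plaintext")
        smtp.starttls(context=make_client_context())
        cipher_name, protocol, _bits = smtp.sock.cipher()
        return {"protocol": protocol, "cipher": cipher_name, "status": classify_cipher(cipher_name)}


if __name__ == "__main__":
    import sys
    # Placeholder host; pass your relay's hostname as the first argument.
    print(check_starttls(sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"))
```

Run it from the same network segment as the affected device to see what that path negotiates; a result of "retired" or "unknown" means the device's cipher configuration needs updating.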
We apologize again for the issue.
Carlos Rios