Paubox blog: HIPAA compliant email - easy setup, no portals or passcodes

If the government can't use TLS 1.0 and 1.1, why can your email provider?

Written by Dawn Halpin | June 30, 2025

In 2021, the NSA published guidance that couldn’t have been clearer: stop using TLS 1.0 and 1.1.

These outdated encryption protocols are considered obsolete by nearly every major standards body, browser vendor, and cybersecurity agency—including the teams behind Chrome, Firefox, and Safari. Yet platforms like Google Workspace still use them. Worse, they can fall back to these versions without warning, and without notifying the sender.

What’s wrong with TLS 1.0 and 1.1?

TLS 1.0 and 1.1 were introduced more than two decades ago, long before modern encryption practices and threat models were understood. These protocols:

  • Use outdated cipher suites vulnerable to brute force and downgrade attacks

  • Lack support for modern cryptographic algorithms

  • Don’t support forward secrecy, meaning if one key is compromised, all communications can be decrypted

  • Were never designed for the scale or complexity of today’s internet

The vulnerabilities in TLS 1.0 and 1.1 are real and actively exploited. Attackers can intercept data in transit, inject malicious content, or downgrade connections using man-in-the-middle attacks. That’s why the IETF issued RFC 8996, stating clearly: “TLS 1.0 and 1.1 MUST NOT be used.”

Deprecation isn’t the same as elimination

You might assume that if a protocol is deprecated, vendors will stop using it. But that’s not how cloud email systems behave. Platforms like Google Workspace and Microsoft 365 are designed for deliverability first—and can fall back to deprecated encryption if that’s what the recipient server allows.

In real-world tests, our team observed:

  • Google Workspace successfully delivering messages over TLS 1.0 and 1.1

  • Microsoft 365 refusing outdated encryption, then silently delivering messages in cleartext

  • No warnings, no bounces, no visible indication to the sender

This is the core risk: fallback behavior is invisible.

Obsolete encryption breaks trust

When a message is sent over TLS 1.0 or 1.1, or worse, in cleartext, the organization loses:

  • Confidentiality – The message can be intercepted or altered

  • Visibility – No log confirms encryption occurred

  • Compliance – There's no proof that data was protected in transit

The result? A complete breakdown in accountability. Sensitive information travels across the open internet under the illusion of protection.
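One way to regain some of the visibility described above, and to make the silent fallback from the earlier section visible after the fact, is to audit the Received headers of a delivered message and flag each hop whose TLS annotation is obsolete or missing. This is an added example, not Paubox's code: the message, hostnames and addresses are constructed, and it assumes the "(version=TLS1_2 cipher=...)" annotation that Google and Microsoft servers write into Received headers, so a hop through a server that does not annotate shows up as "no-tls-evidence" even if TLS was in fact used.

```python
import email
import re

# Constructed sample for this example: three Received hops, newest first. The
# "(version=... cipher=...)" annotations follow the format Google and Microsoft
# servers use; the oldest hop is plain ESMTP with no TLS annotation at all.
SAMPLE_MESSAGE = """\
Received: from mail-a.example.net (mail-a.example.net [192.0.2.10])
        by mx.example.org with ESMTPS id abc123 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128)
Received: from relay.example.net (relay.example.net [198.51.100.7])
        by mail-a.example.net with ESMTPS id def456 (version=TLS1 cipher=AES128-SHA bits=128/128)
Received: from legacy.example.com (legacy.example.com [203.0.113.5])
        by relay.example.net with ESMTP id ghi789
"""

VERSION_RE = re.compile(r"version=(TLS|SSL)v?(\d)(?:[._](\d))?", re.IGNORECASE)
STARTTLS_RE = re.compile(r"\bwith\s+(?:E|UTF8)?SMTPSA?\b")   # ESMTPS/ESMTPSA: STARTTLS was used
ACCEPTABLE = {"TLS1.2", "TLS1.3"}

def parse_version(hop):
    """Canonical 'TLS1.2'-style version from a hop's annotation, or None if absent."""
    m = VERSION_RE.search(hop)
    if not m:
        return None
    return f"{m.group(1).upper()}{m.group(2)}.{m.group(3) or '0'}"   # "TLS1" -> "TLS1.0"

def classify_hop(hop):
    hop = " ".join(hop.split())          # unfold continuation lines
    version = parse_version(hop)
    if version in ACCEPTABLE:
        status = "ok"
    elif version is not None:
        status = "obsolete"              # TLS 1.0/1.1 (or SSL) was negotiated on this hop
    elif STARTTLS_RE.search(hop):
        status = "tls-unversioned"       # STARTTLS claimed, but the MTA did not log a version
    else:
        status = "no-tls-evidence"       # plain ESMTP: nothing shows this hop was encrypted
    frm, by = re.search(r"^from\s+(\S+)", hop), re.search(r"\bby\s+(\S+)", hop)
    return {"from": frm.group(1) if frm else "?", "by": by.group(1) if by else "?",
            "version": version, "status": status}

def audit_received_headers(raw_message):
    """Classify every Received hop; list order matches the headers (newest hop first)."""
    msg = email.message_from_string(raw_message)
    return [classify_hop(h) for h in msg.get_all("Received", [])]

def weakest_status(findings):
    # Any single weak hop undermines the whole delivery path.
    order = ["ok", "tls-unversioned", "obsolete", "no-tls-evidence"]
    return max((f["status"] for f in findings), key=order.index, default="ok")

for f in audit_received_headers(SAMPLE_MESSAGE):
    print(f"{f['status']:16} {f['version'] or '-':8} {f['from']} -> {f['by']}")
```

Run against real inbound mail, this turns "no log confirms encryption occurred" into a per-hop record; the sample path reports one TLS 1.0 hop and one hop with no evidence of encryption at all.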

TLS 1.0 and 1.1 are outdated and dangerous. Continuing to support them puts organizations, their partners, and their customers at risk.

To see how these failures play out in real-world platforms, read our report: How Microsoft and Google Put PHI at Risk