Last week we wrote about recent guidance from the National Security Agency (NSA) around weak encryption protocols. In their January 5th announcement, they quickly got to the point: "The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that utilize strong encryption and authentication to protect all sensitive information... Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries." Here at Paubox, we took that as a call-to-action. I'm pleased to announce we completed our platform upgrade today and have eliminated support for obsolete protocols. Our platform upgrade is precisely aligned with the NSA's guidance just two weeks ago. This post will explain what we did, what changed, and plans going forward.
What did we do?
The Transport Layer Security (TLS) protocol is designed to provide communications security over a computer network. TLS can apply to many forms of internet communication, including web (HTTPS) and email (SMTPS). An important thing to know about TLS is that protocols once considered secure just a few years ago are no longer viewed as such. Cases in point: TLS 1.0 and TLS 1.1. In addition, TLS 1.3 is the newest and most secure version of the TLS protocol. TLS 1.3 provides unparalleled privacy and performance compared to previous versions of TLS and non-encrypted SMTP email. On 21 October 2020, we announced an upgrade to our secure email platform by adding support for TLS 1.3. In addition, today we no longer support TLS 1.0 and TLS 1.1 on the Paubox platform.
What's changed?
Here's a simple list of security protocols now supported by Paubox:
- SSL v2 (Not Supported)
- SSL v3 (Not Supported)
- TLS 1.0 (Not Supported)
- TLS 1.1 (Not Supported)
- TLS 1.2 (Supported)
- TLS 1.3 (Supported)
In a nutshell, we dropped support for TLS 1.0 and 1.1 and recently added support for TLS 1.3. This is in direct alignment with the NSA: "NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used."
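The support matrix above, expressed as a check a TLS endpoint operator could run against their own configuration. This is an added example, not Paubox's code: it uses Python's standard `ssl` module, and the names `POLICY`, `hardened_context`, `permitted` and `violations` are hypothetical. SSL v2 is left out because `ssl.TLSVersion` cannot express it.

```python
import ssl

V = ssl.TLSVersion

# Support matrix from the post (SSL v2 omitted: ssl.TLSVersion cannot express it).
POLICY = {V.SSLv3: False, V.TLSv1: False, V.TLSv1_1: False,
          V.TLSv1_2: True, V.TLSv1_3: True}

# Legacy per-version opt-out flags; they narrow the min/max window further.
OPT_OUT = {V.SSLv3: ssl.OP_NO_SSLv3, V.TLSv1: ssl.OP_NO_TLSv1,
           V.TLSv1_1: ssl.OP_NO_TLSv1_1, V.TLSv1_2: ssl.OP_NO_TLSv1_2,
           V.TLSv1_3: ssl.OP_NO_TLSv1_3}


def hardened_context():
    """Server-side context that negotiates only TLS 1.2 and TLS 1.3."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = V.TLSv1_2
    ctx.maximum_version = V.TLSv1_3
    return ctx


def _resolve(bound):
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinels, not real versions.
    if bound == V.MINIMUM_SUPPORTED:
        return V.SSLv3
    if bound == V.MAXIMUM_SUPPORTED:
        return V.TLSv1_3
    return bound


def permitted(minimum, maximum, options=0):
    """Map each version in POLICY to whether these settings allow it."""
    lo, hi = _resolve(minimum), _resolve(maximum)
    return {v: lo <= v <= hi and not (options & OPT_OUT[v]) for v in POLICY}


def violations(ctx):
    """Names of versions where the context disagrees with POLICY.

    Reads only the context's own settings; a system-wide OpenSSL
    configuration may restrict the versions further.
    """
    allowed = permitted(ctx.minimum_version, ctx.maximum_version, ctx.options)
    return sorted(v.name for v in POLICY if allowed[v] != POLICY[v])


if __name__ == "__main__":
    print("violations:", violations(hardened_context()) or "none")
```
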
Plans going forward
Paubox now solely supports TLS 1.2 and 1.3 email encryption for all of its solutions:
The work we do around HIPAA compliant email is important. As the internet continues its maturation, we will stay abreast of future TLS protocol improvements. This is our commitment to our customers and to national security.