TLS Mode Requirements

[willm132]

Exchange business is retiring TLS 1.0 and 1.1 starting on January 3rd, 2022 they will be forcing TLS 1.2. When this happens do I need to change anything when using Swift SMTP? I currently use TLS but it does not specify what version it uses.

We're making some changes to Direct Routing SIP interface.

On January 3rd 2022, to provide the best-in-class encryption to our customers, we will begin retiring Transport Layer Security (TLS) versions 1.0 and 1.1 and begin obligating TLS1.2 usage for the Direct Routing SIP interface.

The move to TLS 1.2 is to ensure that our service is secure by default and in alignment with the rest of Microsoft 365 services as previously communicated (MC126199 in Dec 2017, MC128929 in Feb 2018, MC186827 in July 2019, MC218794 in July 2020, MC240160 in February 2021, and MC292797 in October 2021).
You are receiving this message because our reporting indicates that your organization is still connecting using SMTP Auth client submission via smtp.office365.com with TLS1.0 or TLS1.1 to connect to Exchange Online.

[willm132]

Can anyone help me with this?

[sbeitzel]

Taking a look at TLSConfiguration, it seems that the TLS protocol isn't actually specified in this library, but in the SSL library it depends on (BlueSSL, also from Kitura). I'd start by taking a look over there to see if there's some setting you can provide to it.

[mixable]

Did you find a solution for this? Looking into the SSL library didn't help me to find something about TLS 1.2.

[dannys42]

Is this on Linux or macOS? I haven't spent a lot of time with the OpenSSL library, but if I understand this blog post https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/, then for Linux, perhaps it's just a matter of linking to a newer version of openssl?