TLS v1.0 & Apple Mail Clients

During recent upgrades to our servers, we identified an issue affecting customers who use older versions of Apple’s mail clients and connect over secure settings. These clients do not support the more recent TLS v1.1 and TLS v1.2 protocols; older Mac Mail clients only support TLS v1.0. These protocols are important because they are used for security and encryption of your email. Typically, the error given is nondescript, such as “Cannot Connect to Mail Server.”

TLS v1.0 has been considered vulnerable and deprecated for some time. This was partly due to the protocol not verifying the signing authority, only checking whether encryption is present. This poses a specific danger: a forged email can be encrypted and delivered, and the TLS v1.0 protocol cannot confirm the authority’s identity.

Think of this analogy:

You get a letter from a government agency. In every way the letter looks authentic: government letterhead, a correct return address, and a valid signature. However, it is, in fact, a forgery and was sent by someone else. There’s very little chance that you, the recipient, would be able to detect the forgery. This places you at a large security risk, since you cannot trust any letter being delivered.

What you can do

In short, we will be allowing TLS v1.0 back on our servers so as not to interrupt email service for customers using older versions of Apple Mail clients. This is a courtesy and does come with certain risks.

The recommended solution to ensure your email is encrypted and safe is to update the mail client to the latest version.

If upgrading your client is not an option, you can alternatively change your mail client settings to not use any encryption, although this is strongly discouraged for obvious security reasons. Please read our article on Mac Mail settings.
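When TLS v1.0 is left enabled for older clients as described above, the server's own logs show which clients still depend on it. The following is an added example, not code from this article or our servers: it assumes Postfix-style TLS handshake log lines (the article does not name the server software), the function name `audit` is hypothetical, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumed Postfix-style line (logged when smtpd_tls_loglevel = 1):
#   ... TLS connection established from host[ip]: TLSv1 with cipher NAME (bits)
TLS_LINE = re.compile(
    r"TLS connection established from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<proto>(?:TLS|SSL)v[\d.]+) with cipher (?P<cipher>\S+)"
)

# Protocol labels as OpenSSL reports them; "TLSv1" means TLS v1.0.
LEGACY = {"SSLv3", "TLSv1"}

def audit(lines):
    """Return (protocol counts, {client ip: legacy connection count})."""
    protocols = Counter()
    legacy_clients = Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if not m:
            continue  # not a TLS handshake line
        protocols[m["proto"]] += 1
        if m["proto"] in LEGACY:
            legacy_clients[m["ip"]] += 1
    return protocols, dict(legacy_clients)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = """\
Mar  4 09:12:01 mx postfix/submission/smtpd[2101]: Anonymous TLS connection established from unknown[203.0.113.17]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  4 09:12:40 mx postfix/submission/smtpd[2107]: Anonymous TLS connection established from unknown[198.51.100.8]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Mar  4 09:13:02 mx postfix/submission/smtpd[2107]: connect from unknown[198.51.100.8]
Mar  4 09:15:55 mx postfix/submission/smtpd[2110]: Anonymous TLS connection established from unknown[203.0.113.17]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar  4 09:20:13 mx postfix/submission/smtpd[2115]: Anonymous TLS connection established from unknown[192.0.2.44]: TLSv1.1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
""".splitlines()

if __name__ == "__main__":
    protocols, legacy = audit(SAMPLE_LOG)
    for proto, n in sorted(protocols.items()):
        print(f"{proto:8} {n}")
    for ip, n in sorted(legacy.items()):
        print(f"still on TLS v1.0 or older: {ip} ({n} connections)")
```

Once the list of legacy addresses stays empty over a full reporting period, TLS v1.0 can be switched off again without interrupting anyone's mail.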
