Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Microsoft Disabling TLS 1.0/1.1 for POP3 and IMAP4 on December 01, 2022
188 views
Skip to first unread message
Larry Dighera
Nov 10, 2022, 7:49:40 PM11/10/22
to
I just received the message below, and am wondering if Forte will be issuing
an upgrade for Agent to support Microsoft's change to TLS 1.2.
=============================================================================
Disabling TLS 1.0/1.1 for POP3 and IMAP4 on December 01, 2022
Starting on December 01, 2022, Office 365 will begin retiring Transport
Layer Security (TLS) 1.0 and 1.1 for POP3 and IMAP4. TLS is a standard
protocol used to provide secure web communications for POP3 and IMAP4. POP3
and IMAP4 are the client/server protocols for receiving emails. We will
enforce TLS 1.2 moving forward to provide enhanced encryption and help
ensure your emails are received more securely. We have already disabled TLS
1.0 and 1.1 for most Microsoft 365 services in the worldwide environment.
When this will happen
December 01, 2022
What do I need to do?
Our records show that your email account has recently been accessed with
POP3/IMAP4 through TLS 1.0 or 1.1.
POP3 and IMAP4 will not be able to connect with TLS 1.0 and 1.1 starting on
December 01, 2022. You will not be able to receive emails with POP3/IMAP4
protocol after that. To continue accessing your email account using POP3 or
IMAP4, please upgrade/update your client to support TLS 1.2. Your emails
will not be removed, but you cannot access them without upgrading your
client. You can find out technical details on how to upgrade in this
article: Disabling TLS 1.0 and 1.1 for Microsoft 365 - Microsoft Purview
(compliance) | Microsoft Docs
What if I cannot update/upgrade?
If you cannot update/upgrade your legacy client, we provide an opt-in
endpoint for you to continue connecting with TLS 1.0/1.1. Your legacy
clients must be configured to pop-legacy.office365.com for POP3 and
imap-legacy.office365.com for IMAP4. Using legacy versions of TLS is not as
secure as TLS 1.2, however, so we recommend you update and use TLS 1.2.
==============================================================================
Ralph Fox
Nov 10, 2022, 11:37:35 PM11/10/22
to
On Thu, 10 Nov 2022 16:49:34 -0800, Larry Dighera wrote:
> I just received the message below, and am wondering if Forte will be issuing
> an upgrade for Agent to support Microsoft's change to TLS 1.2.
No upgrade needed. You just need to make a small configuration change in Agent.
> I just received the message below, and am wondering if Forte will be issuing
> an upgrade for Agent to support Microsoft's change to TLS 1.2.
See this message for details of the configuration change:
* On Google Groups: <https://groups.google.com/g/alt.usenet.offline-reader.forte-agent/c/mJmtMSUqp6M>
* On Narkive: <https://alt.usenet.offline-reader.forte-agent.narkive.com/35h3yv8s/notice-agent-and-ssl>
* On Usenet: <news:p8hpuglnb0tot2oot...@4ax.com>
If you are using Windows 7, 8, 10, or 11, then this will work.
If you are using XP, this may not work. Agent relies on the operating system
to support SSL/TLS, and XP did not support TLS 1.2.
Kind regards
Ralph Fox
🕵️🔐✔
Larry Dighera
Nov 11, 2022, 11:29:45 AM11/11/22
to
Ralph,
Thank you once again for your sagacious assistance.
I'll post a copy of your article in this message for redundancy.
Very much appreciated.
Best regards,
Larry
===================================================================
Ralph Fox
If you use SSL in Agent 3.2 - 8.0, or if you want to use SSL, these days
you may need to make the following configuration change in AGENT.INI.
In the [Online] section of AGENT.INI,
change the setting 'AllowedSSLProtocols' from this:
AllowedSSLProtocols=0
to one of these:
* In Windows 11, and in Windows 10 version 1903 and later
AllowedSSLProtocols=10880
* In Windows before Windows 10 version 1903
AllowedSSLProtocols=2688
EXPLANATION
When Agent's SSL was implemented, the highest version of SSL in
use was TLS1.0. The AGENT.INI default setting AllowedSSLProtocols=0
will support versions of SSL up to TLS1.0.
Since then, TLS1.0 has been deprecated. Many mail servers and some news
servers have stopped using TLS1.0. Many mail servers and some news servers
now require a minimum SSL version of TLS1.2.
The setting AllowedSSLProtocols=2688 will configure Agent to support
SSL versions up to TLS1.2 (providing your Windows supports it; do not
expect it to work on Windows 95).
The setting AllowedSSLProtocols=10880 will configure Agent to support
SSL versions up to TLS1.3 in Windows 10.1903 and later.
--
Kind regards
Ralph
===================================================================
On Fri, 11 Nov 2022 17:37:28 +1300, Ralph Fox <-rf-nz-@-.invalid> wrote:
>On Thu, 10 Nov 2022 16:49:34 -0800, Larry Dighera wrote:
>
>> I just received the message below, and am wondering if Forte will be issuing
>> an upgrade for Agent to support Microsoft's change to TLS 1.2.
>
>
>No upgrade needed. You just need to make a small configuration change in Agent.
>
>See this message for details of the configuration change:
>
> * On Google Groups: <https://groups.google.com/g/alt.usenet.offline-reader.forte-agent/c/mJmtMSUqp6M>
>
> * On Narkive: <https://alt.usenet.offline-reader.forte-agent.narkive.com/35h3yv8s/notice-agent-and-ssl>
>
> * On Usenet: <news:p8hpuglnb0tot2oot...@4ax.com>
>
>
>If you are using Windows 7, 8, 10, or 11, then this will work.
>If you are using XP, this may not work. Agent relies on the operating system
>to support SSL/TLS, and XP did not support TLS 1.2.
>
>
>> =============================================================================
>> Disabling TLS 1.0/1.1 for POP3 and IMAP4 on December 01, 2022
>>
>> Starting on December 01, 2022, Office 365 will begin retiring Transport
>> Layer Security (TLS) 1.0 and 1.1 for POP3 and IMAP4. TLS is a standard
>> protocol used to provide secure web communications for POP3 and IMAP4. POP3
>> and IMAP4 are the client/server protocols for receiving emails. We will
>> enforce TLS 1.2 moving forward to provide enhanced encryption and help
>> ensure your emails are received more securely. We have already disabled TLS
>> 1.0 and 1.1 for most Microsoft 365 services in the worldwide environment.
>>
>>
>> When this will happen
>> December 01, 2022
Ralph Fox
Nov 11, 2022, 4:07:44 PM11/11/22
to
On Fri, 11 Nov 2022 07:39:02 +0000, Charlie+ wrote:
> Forgive my ignorance please! I use as my workhorse XP SP3 with Agent V6
> collecting POP3 email from Gmail with an app password. Also n/groups
> from Newsnet-news (a block provider). Is something just going to stop
> working in my setup that I need to prepare for with this December 01
> change? (Ralph's Agent.ini recommended edit I did some time ago). C+
Microsoft is making this change on December 01, 2022 to some Microsoft
services.
What Gmail does to Gmail services is completely independent of Microsoft.
What Newsnet-news does to Newsnet-news services is completely independent
of Microsoft.
Check for announcements from Gmail to see if and when Gmail will be making
a similar change. Check for announcements from Newsnet-news to see if and
when Newsnet-news will be making a similar change.
--
Kind regards
Ralph
Agent Unicode Test: ☄️🌚️🔥️🛸️🌃️🧟️
> Forgive my ignorance please! I use as my workhorse XP SP3 with Agent V6
> collecting POP3 email from Gmail with an app password. Also n/groups
> from Newsnet-news (a block provider). Is something just going to stop
> working in my setup that I need to prepare for with this December 01
> change? (Ralph's Agent.ini recommended edit I did some time ago). C+
Microsoft is making this change on December 01, 2022 to some Microsoft
services.
What Gmail does to Gmail services is completely independent of Microsoft.
What Newsnet-news does to Newsnet-news services is completely independent
of Microsoft.
Check for announcements from Gmail to see if and when Gmail will be making
a similar change. Check for announcements from Newsnet-news to see if and
when Newsnet-news will be making a similar change.
--
Kind regards
Ralph
Agent Unicode Test: ☄️🌚️🔥️🛸️🌃️🧟️
Lars-Erik Østerud
Jan 9, 2023, 3:34:25 PM1/9/23
to
> ===================================================================
> Ralph Fox
> If you use SSL in Agent 3.2 - 8.0, or if you want to use SSL, these days
> you may need to make the following configuration change in AGENT.INI.
>
> In the [Online] section of AGENT.INI,
> change the setting 'AllowedSSLProtocols' from this:
>
> AllowedSSLProtocols=0
>
> to one of these:
> * In Windows 11, and in Windows 10 version 1903 and later
>
> AllowedSSLProtocols=10880
>
> * In Windows before Windows 10 version 1903
>
> AllowedSSLProtocols=2688
I figured out that when TLS 1.4 comes the value will be 43648
> Ralph Fox
> If you use SSL in Agent 3.2 - 8.0, or if you want to use SSL, these days
> you may need to make the following configuration change in AGENT.INI.
>
> In the [Online] section of AGENT.INI,
> change the setting 'AllowedSSLProtocols' from this:
>
> AllowedSSLProtocols=0
>
> to one of these:
> * In Windows 11, and in Windows 10 version 1903 and later
>
> AllowedSSLProtocols=10880
>
> * In Windows before Windows 10 version 1903
>
> AllowedSSLProtocols=2688
(actually it works using that value now as well :-)
But what happends when we come to TLS 1.5?
If I try the value 174720 I get lots of error.
I guess that is because the numer is greter than 16-bit (65535).
So how will we then make Forte Agent allow using TLS 1.5?
Isn't there a vaulue to make it allow ALL TLS versions?
Ralph Fox
Jan 10, 2023, 12:15:30 AM1/10/23
to
"Datagram Transport Layer Security" (DTLS) 1.0 client side
and not a hypothetical future TLS 1.5.
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>
See field 'grbitEnabledProtocols' in Microsoft's SCHANNEL_CRED
structure:
<https://learn.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred>
There is no bit in Microsoft's SCHANNEL_CRED structure for a
hypothetical future TLS 1.5.
Whether this would become a real problem for Agent will depend on
whether it would become necessary to support this hypothetical TLS 1.5
before 19 January 2038. Agent will not work properly after 19 January
2038. <https://en.wikipedia.org/wiki/Year_2038_problem>
--
Kind regards
Ralph
山高自有客行路,水深自有渡船人。
0 new messages