Paubox eliminates obsolete TLS protocols, follows NSA guidance

Paubox Eliminates Obsolete TLS Protocols, Follows NSA Guidance

Last week we wrote about recent guidance from the National Security Agency (NSA) around weak encryption protocols.

In their January 5th announcement, they quickly got to the point:

“The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that utilize strong encryption and authentication to protect all sensitive information… Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries.”

Here at Paubox, we took that as a call-to-action.

I’m pleased to announce we completed our platform upgrade today and have eliminated support for obsolete protocols.

Our platform upgrade is precisely aligned with the NSA’s guidance just two weeks ago.

This post will explain what we did, what changed, and plans going forward.

What did we do?

The Transport Layer Security (TLS) protocol is designed to provide communications security over a computer network. TLS can apply to many forms of internet communication, including web (HTTPS) and email (SMTPS).

An important thing to know about TLS is that protocols once considered secure just a few years ago are no longer viewed as such. Cases in point: TLS 1.0 and TLS 1.1.

In addition, TLS 1.3 is the newest and most secure version of the TLS protocol. TLS 1.3 provides unparalleled privacy and performance compared to previous versions of TLS and non-encrypted SMTP email.

On 21 October 2020, we announced an upgrade to our secure email platform by adding support for TLS 1.3.

In addition, today we no longer support TLS 1.0 and TLS 1.1 on the Paubox platform.

What’s changed?

Here’s a simple list of security protocols now supported by Paubox:

  • SSL v2 (Not Supported)
  • SSL v3 (Not Supported)
  • TLS 1.0 (Not Supported)
  • TLS 1.1 (Not Supported)
  • TLS 1.2 (Supported)
  • TLS 1.3 (Supported)

In a nutshell, we dropped support for TLS 1.0 and 1.1 and recently added support for TLS 1.3. This is in direct alignment with the NSA:

“NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used.”

Plans going forward

Paubox now solely supports TLS 1.2 and 1.3 email encryption for all of its solutions:

The work we do around HIPAA compliant email is important. As the internet continues its maturation, we will stay abreast of future TLS protocol improvements.

This is our commitment to our customers and to national security.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.

Read more by Hoala Greevy

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport