Geekzone: technology news, blogs, forums


wratterus

1687 posts

Uber Geek


#304013 28-Mar-2023 15:27

Anyone else receive an email from Spark noting they are changing to TLS encryption on Xtra mail accounts from May 1? And outgoing port changing to 587. Can't see any mention on their site about this yet. 


tdgeek
29740 posts

Uber Geek

Trusted
Lifetime subscriber

  #3055857 28-Mar-2023 15:29

It's removing SSL not adding TLS.

 

 




SirHumphreyAppleby
2844 posts

Uber Geek


  #3055916 28-Mar-2023 17:20

tdgeek:

 

It's removing SSL not adding TLS.

 

 

It looks like they're moving from port 465 (SMTPS) to 587 (STARTTLS), so there is a bit more involved than just disabling older SSL/TLS revisions which >99% of users likely wouldn't notice. While most users probably just need to change the port, some e-mail clients may need to be explicitly told to switch to STARTTLS as well. Blat also won't work... oh well, there is better software out there.

 

I'm getting lots of requests from users of my software asking if I support TLS 1.2. Seems to be a lot of providers are switching off SSL support at the present time on 587, where it makes sense to protect user credentials. It doesn't really make sense to turn it off on port 25 given e-mail must be accepted by an MX host without encryption... SSL is better than nothing if it's the best you can negotiate.


tdgeek
29740 posts

Uber Geek

Trusted
Lifetime subscriber

  #3055925 28-Mar-2023 18:00

SirHumphreyAppleby:

 

It looks like they're moving from port 465 (SMTPS) to 587 (STARTTLS), so there is a bit more involved than just disabling older SSL/TLS revisions which >99% of users likely wouldn't notice. While most users probably just need to change the port, some e-mail clients may need to be explicitly told to switch to STARTTLS as well. Blat also won't work... oh well, there is better software out there.

 

I'm getting lots of requests from users of my software asking if I support TLS 1.2. Seems to be a lot of providers are switching off SSL support at the present time on 587, where it makes sense to protect user credentials. It doesn't really make sense to turn it off on port 25 given e-mail must be accepted by an MX host without encryption... SSL is better than nothing if it's the best you can negotiate.

 

 

AFAIK if the client is current, and the settings are SSL Port 465, the client will sort it out. If the client or device is old, that may mean a software update, manually update settings to TLS or get a modern device.




cheshirecat
50 posts

Geek


  #3056628 30-Mar-2023 16:31

What's going on here is that older, vulnerable protocols (such as SSLv3) are being retired, but you can continue to use TLS1.1 and TLS1.2 for encryption.

 

In addition, some of the less secure ciphers (3DES, RC4, RSA) are being removed from the ciphersuite.  This is only likely to affect people still using WinXP or Win7 as those system SSL libraries don't always have support for the more modern ciphers.  Spark are trying to balance between removing the older, less secure ciphers vs. keeping compatibility with as many customers' software as they can.

 

If you have Linux, install nmap and use these commands to see which ciphers and protocols are being advertised, and how good they are:

 

nmap -Pn --script ssl-enum-ciphers -p 465 send.xtra.co.nz

 

nmap -Pn --script ssl-enum-ciphers -p 993 imap.xtra.co.nz

 

You can also go to this site which will check any SSL endpoint to see how strict their ciphers are https://www.immuniweb.com/ssl/

 

The change of outgoing (submission) port from 465 to 587 is changing from using raw SSL to using STARTTLS.  As far as security is concerned, there's no difference as they both use TLS, but using STARTTLS rather than raw SSL is now considered best practice.  I suspect both ports will remain available for some time anyway, though using 587+STARTTLS will be the recommended one.
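
An added example, not part of the post above: one way to turn the output of the `ssl-enum-ciphers` commands into a list of what is on the way out. `SAMPLE` is constructed and abridged (not real output from send.xtra.co.nz), the function names `parse` and `findings` are hypothetical, and "RSA" in the post is assumed to mean RSA key exchange suites (`TLS_RSA_WITH_*`).

```python
import re

# Constructed, abridged sample in ssl-enum-ciphers layout (not real server output).
SAMPLE = """\
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|     cipher preference: server
|_  least strength: C
"""

PROTO = re.compile(r"^(SSLv\d|TLSv\d\.\d):$")
CIPHER = re.compile(r"^(\w+) \((.+)\) - ([A-F])$")
RETIRED_PROTOCOLS = {"SSLv3"}  # the protocol the post names as retired
# Assumption: the post's "RSA" means RSA key exchange (TLS_RSA_WITH_* suites).
WEAK = {"3DES": "_3DES_", "RC4": "_RC4_", "RSA key exchange": "TLS_RSA_WITH_"}


def parse(output):
    """Return {protocol: [(cipher, grade), ...]} from ssl-enum-ciphers text."""
    found, current = {}, None
    for raw in output.splitlines():
        line = raw.lstrip("|_ ").strip()  # drop nmap's tree prefix and padding
        if m := PROTO.match(line):
            current = found.setdefault(m.group(1), [])
        elif current is not None and (m := CIPHER.match(line)):
            current.append((m.group(1), m.group(3)))
    return found


def findings(output):
    """List (protocol, cipher, reasons) for suites the post says are being removed."""
    out = []
    for proto, ciphers in parse(output).items():
        for name, _grade in ciphers:
            reasons = ["retired protocol"] if proto in RETIRED_PROTOCOLS else []
            reasons += [label for label, needle in WEAK.items() if needle in name]
            if reasons:
                out.append((proto, name, ", ".join(reasons)))
    return out


if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

To use it on a real scan, save the nmap output to a file and pass its contents to `findings()`.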

 

 


FineWine
2981 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #3056689 30-Mar-2023 17:31

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.





Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.


tdgeek
29740 posts

Uber Geek

Trusted
Lifetime subscriber

  #3056748 30-Mar-2023 18:33

FineWine:

 

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.

 

 

From what I know the client will sort it out. If a user had an OLD system that cannot manage TLS then it will fail.

 

I just looked at my Mail app on MacBookPro 2013, it will Manage the settings. So, despite me being on IMAP but with SMTP Port 465, it will manage it, which will be Port 587/TLS.

 

Same with my iPhone. Just has an SSL setting, it will manage it. As long as the device supports TLS, it will manage it. IIRC a colleague advised that email SSL was phased out 2015. This means that while SSL email is OLD, it's supported. In this thread, SSL support will end, but if you have a non super old system it already has TLS support so it will figure it out.

 

 


FineWine
2981 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #3056802 30-Mar-2023 18:55

tdgeek:

 

FineWine:

 

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.

 

 

From what I know the client will sort it out. If a user had an OLD system that cannot manage TLS then it will fail.

 

I just looked at my Mail app on MacBookPro 2013, it will Manage the settings. So, despite me being on IMAP but with SMTP Port 465, it will manage it, which will be Port 587/TLS.

 

Same with my iPhone. Just has an SSL setting, it will manage it. As long as the device supports TLS, it will manage it. IIRC a colleague advised that email SSL was phased out 2015. This means that while SSL email is OLD, it's supported. In this thread, SSL support will end, but if you have a non super old system it already has TLS support so it will figure it out.

 

thx for all of that 😀





Whilst the difficult we can do immediately, the impossible takes a bit longer. However, miracles you will have to wait for.

