Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Xtra Mail Security Protocols are changing
wratterus

1687 posts

Uber Geek


#304013 28-Mar-2023 15:27
Send private message

Anyone else receive an email from Spark noting they are changing to TLS encryption on Xtra mail accounts from May 1? And outgoing port changing to 587. Can't see any mention on their site about this yet. 

Create new topic
tdgeek
28607 posts

Uber Geek

Trusted
Lifetime subscriber

  #3055857 28-Mar-2023 15:29
Send private message

Its removing SSL not adding TLS.

 

 

 
 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).
SirHumphreyAppleby
2519 posts

Uber Geek


  #3055916 28-Mar-2023 17:20
Send private message

tdgeek:

 

Its removing SSL not adding TLS.

 

 

It looks like they're moving from port 465 (SMTPS) to 587 (STARTTLS), so there is a bit more involved than just disabling older SSL/TLS revisions which >99% of users likely wouldn't notice. While most users users probably just need to change the port, some e-mail clients may need to be explicitly told to switch to STARTTLS as well. Blat also won't work... oh well, there is better software out there.

 

I'm getting lots of requests from users of my software asking if I support TLS 1.2. Seems to be a lot of providers are switching off SSL support at the present time on 587, where it makes sense to protect user credentials. It doesn't really make sense to turn it off on port 25 given e-mail must be accepted by an MX host without encryption... SSL is better than nothing if it's the best you can negotiate.

tdgeek
28607 posts

Uber Geek

Trusted
Lifetime subscriber

  #3055925 28-Mar-2023 18:00
Send private message

SirHumphreyAppleby:

 

It looks like they're moving from port 465 (SMTPS) to 587 (STARTTLS), so there is a bit more involved than just disabling older SSL/TLS revisions which >99% of users likely wouldn't notice. While most users users probably just need to change the port, some e-mail clients may need to be explicitly told to switch to STARTTLS as well. Blat also won't work... oh well, there is better software out there.

 

I'm getting lots of requests from users of my software asking if I support TLS 1.2. Seems to be a lot of providers are switching off SSL support at the present time on 587, where it makes sense to protect user credentials. It doesn't really make sense to turn it off on port 25 given e-mail must be accepted by an MX host without encryption... SSL is better than nothing if it's the best you can negotiate.

 

 

AFAIK if the client is current, and the settings are SSL Port 465, the client will sort it out. If the client or device is old, that may mean a software update, manually update settings to TLS or get a modern device.



cheshirecat
49 posts

Geek


  #3056628 30-Mar-2023 16:31
Send private message

What's going on here is that older, vulnerable protocols (such as SSLv3) are being retired, but you can continue to use TLS1.1 and TLS1.2 for encryption.

 

In addition, some of the less secure ciphers (3DES, RC4, RSA) are being removed from the ciphersuite.  This is only likely to affect people still using WinXP or Win7 as those system SSL libraries don't always have support for the more modern ciphers.  Spark are trying to balance between removing the older, less secure ciphers vs. keeping compatibility with as many customers' software as they can.

 

In you have linux, install nmap and use these commands to see which ciphers and protocols are being advertised, and how good they are:

 

nmap -Pn --script ssl-enum-ciphers -p 465 send.xtra.co.nz

 

nmap -Pn --script ssl-enum-ciphers -p 993 imap.xtra.co.nz

 

You can also go to this site which will check any SSL endpoint to see how strict their ciphers are https://www.immuniweb.com/ssl/

 

The change of outgoing (submission) port from 465 to 587 is changing from using raw SSL to using STARTTLS.  As far as security is concerned, there's no difference as they both use TLS, but using STARTTLS rather than raw SSL is now considered best practice.  I suspect both ports will remain available for some time anyway, though using 587+STARTTLS will be the recommended one.

 

 

FineWine
2678 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #3056689 30-Mar-2023 17:31
Send private message

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.




iMac 27" [14.2] (late 2013), Airport Time Capsule 5th gen, iPhone13 x 2, iPad6, iPad Mini5, Spark Smart Modem 1st Gen

 

Panasonic TV Viera TH-L50E6Z (1080p), Panasonic Blu-ray PVR DMR-BWT835, Yamaha AVR RX-V1085 [6.1 Surround Speaker System], Apple TV 4k 64Gb (2nd gen)

 

Kia Sportage Urban EX (2019), Suzuki Swift SR7 (2011)

The difficult we can do immediately. The impossible takes a bit longer. But Miracles you will have to wait for.

tdgeek
28607 posts

Uber Geek

Trusted
Lifetime subscriber

  #3056748 30-Mar-2023 18:33
Send private message

FineWine:

 

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.

 

 

From what I know the client will sort it out. If a user had an OLD system that cannot manage TLS then it will fail

 

I just looked at my Mail app on MacBookPro 2013, it will Manage the settings. So, despite me being on IMAP but with smtp Port 465, it will manage it, which will be Port 587/TLS

 

Same with my iPhone. Just has an SSL setting, it will manage it. As long as the device supports TLS, it will manage it. IIRC a colleague advised that email SSL was phased out 2015. This means that while SSL email is OLD, its supported. In this thread, SSL support will end, but if you have an non super old system it already has TLS support so it will figure it out

 

 

FineWine
2678 posts

Uber Geek

Trusted
Nurse (R)
Lifetime subscriber

  #3056802 30-Mar-2023 18:55
Send private message

tdgeek:

 

FineWine:

 

How will this affect macOS Apple Mail users?

 

I am currently using Mail 13.4 on macOS 10.15.7 and can not upgrade any further due to the age of my machine.

 

All 5 of my Mail POP addresses are set to Port 465 with TLS/SSL ticked though "Automatically manage connection settings" is also Ticked.

 

 

From what I know the client will sort it out. If a user had an OLD system that cannot manage TLS then it will fail

 

I just looked at my Mail app on MacBookPro 2013, it will Manage the settings. So, despite me being on IMAP but with smtp Port 465, it will manage it, which will be Port 587/TLS

 

Same with my iPhone. Just has an SSL setting, it will manage it. As long as the device supports TLS, it will manage it. IIRC a colleague advised that email SSL was phased out 2015. This means that while SSL email is OLD, its supported. In this thread, SSL support will end, but if you have an non super old system it already has TLS support so it will figure it out

 

thx for all of that 😀




iMac 27" [14.2] (late 2013), Airport Time Capsule 5th gen, iPhone13 x 2, iPad6, iPad Mini5, Spark Smart Modem 1st Gen

 

Panasonic TV Viera TH-L50E6Z (1080p), Panasonic Blu-ray PVR DMR-BWT835, Yamaha AVR RX-V1085 [6.1 Surround Speaker System], Apple TV 4k 64Gb (2nd gen)

 

Kia Sportage Urban EX (2019), Suzuki Swift SR7 (2011)

The difficult we can do immediately. The impossible takes a bit longer. But Miracles you will have to wait for.

Create new topic





News and reviews »

NordVPN Helps Users Protect Themselves From Vulnerable Apps
Posted 5-Dec-2023 14:27

First-of-its-Kind Flight Trials Integrate Uncrewed Aircraft Into Controlled Airspace
Posted 5-Dec-2023 13:59

Prodigi Technology Services Announces Strategic Acquisition of Conex
Posted 4-Dec-2023 09:33

Samsung Announces Galaxy AI
Posted 28-Nov-2023 14:48

Epson Launches EH-LS650 Ultra Short Throw Smart Streaming Laser Projector
Posted 28-Nov-2023 14:38

Fitbit Charge 6 Review 
Posted 27-Nov-2023 16:21

Cisco Launches New Research Highlighting Gap in Preparedness for AI
Posted 23-Nov-2023 15:50

Seagate Takes Block Storage System to New Heights Reaching 2.5 PB
Posted 23-Nov-2023 15:45

Seagate Nytro 4350 NVMe SSD Delivers Consistent Application Performance and High QoS to Data Centers
Posted 23-Nov-2023 15:38

Amazon Fire TV Stick 4k Max (2nd Generation) Review
Posted 14-Nov-2023 16:17

Over half of New Zealand adults surveyed concerned about AI shopping scams
Posted 3-Nov-2023 10:42

Super Mario Bros. Wonder Launches on Nintendo Switch
Posted 24-Oct-2023 10:56

Google Releases Nest WiFi Pro in New Zealand
Posted 24-Oct-2023 10:18

Amazon Introduces All-New Echo Pop in New Zealand
Posted 23-Oct-2023 19:49

HyperX Unveils Their First Webcam and Audio Mixer Plus
Posted 20-Oct-2023 11:47








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac






RSS feeds
Main feed
Forums feed
Copyright
©2002-2023 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Affiliate links
Mighty Ape
Sharesies
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.