Important: mailbox.org upgrades TLS encryption protocols

Security is not a one-off activity but a process that needs permanent checking and updating. We at mailbox.org are constantly striving towards offering a wide range of security measures, compliant with current standards, and implementing the highest level of security possible on our servers.

In the week running up to Christmas, we are going to make the first of a series of changes to the background encryption technologies that are used on our servers. Doing this will not just increase security for our customers but is also required for us to maintain compliance, because, from January 2017, the German federal office for information security (BSI) has increased the requirements for their Certification as a “Secure E-mail Provider“.

The new rules that will come into force mean that TLS protocol versions 1.0 and 1.1 must not be used anymore, to be replaced comprehensively by TLS 1.2. The vast majority of implementations do already use this new protocol version and won’t notice a change; however, we estimate there are about 2-3% of systems that use the outdated TLS protocols, especially where customers run older software on legacy operating systems. It is to be expected that other platforms and online shops on the Internet will experience similar compatibility problems, as other providers get their systems up-to-date. Making these systems fit for the new protocols is therefore strongly recommended, as support for legacy systems is going to fade over time.

If your own IT has a few quiet days after Christmas, then this could be an opportunity to have a software review and look for opportunities to replace those products that present a security risk and are no longer fit for service.

 

Planned changes and software compatibility

Older software might no longer be compatible with the new technologies used. The following legacy web browsers may become incompatible with the mailbox.org Office (and other applications on the Internet) sooner or later and will need to be updated:

  • Internet Explorer version 10 or less
  • Firefox version 24 or less
  • Google Chrome version 29 or less
  • Safari version 8 or less
  • Opera version 16 or less

 

Further, e-mail, contacts and calendar functions may no longer work or no longer sync with the mailbox.org Office and other services IF you use the following outdated smartphone operating systems:

  • Android version 4.3 or less
  • Windows 8.1 without further updates
  • iOS version 8.4 or less

 

Users of our dedicated Jabber service will be affected by the changes if they use the Jitsi client für Windows. For now, these users will need to change their client, as Jitsi does not support the new protocol yet.

Please note that updating software products is often generally beneficial as more recent versions may contain fixes to security issues that exist in older versions. Therefore, we would ask all customers who use old software to consider updating it.

At this point, we cannot say when the implementation of the new security requirements will be completed. We are currently determining which customers may be affected by the various changes and how we can ensure a smooth transition for all. However, it is certain that TLS versions 1.0 and 1.1 will sooner or later disappear from the Internet entirely and it is therefore important to take precautions.

 

Technical details and background

In the week coming up to Christmas day, we are going to start implementing the first set of upgrades to TLS encryption on our servers, based on the BSI guidelines TR-03116-4 (Communication security requirements for TLS, S/MIME, OpenPGP and SAML) and TR-02102-2 (Cryptographic mechanisms and keys). Only those providers implementing the above guidelines will be considered for continued certification as a “Secure E-mail Provider” according to BSI guideline TR-03108-4.

 

SHA-1 Hash Algorithm has become obsolete

The grace period for using the SHA-1 algorithm for TLS encryption (BSI guideline TR-02102-2) will cease at the end of 2016. From January 2017, this hash algorithm may no longer be used for authenticating TLS-encrypted messages and certificates. SHA-1 is to be replaced by the stronger variants SHA256 and SHA384.

 

TLS 1.0 and TLS 1.1 may no longer be used

According to the BSI guideline TR-02102-2, TLSv1.0 and TLSv1.1 may no longer be used for encryption from January 2017. The main reason is that the only hash cipher suites defined for these protocols are of the SHA-1 kind, which will be obsolete from next year on. We are currently in the process of assessing the impact of an upgrade on our systems and will be announcing a transition date in early January.

 

Brainpool curves for ECDHE key exchange

Whenever a browser or e-mail client connects to our servers, there is going to be an exchange of temporary session keys required for any data transmitted via TLS. After the connection is closed, the key becomes invalid. This mechanism is also called „Forward Secrecy“ and prevents any subsequent, future decryption of the transmitted data.

For negotiating the temporary session key, there are two principal methods, either the traditional Diffie-Hellman key exchange or a variant that is based on using elliptic curves. The second method supports different kinds of curves, and commonly used today are the NIST-specified „secp256r1“ and „secp384r1“.

The BSI guideline TR-03116-4 requires secure e-mail providers to prefer the elliptic curves „brainpoolP256r1“ or better as specified by the Brainpool consortium over those by NIST. NIST curves are only allowed if the connecting clients (e.g., browsers, or e-mail programs) do not support the Brainpool elliptic curves.

We are going to make changes to the e-mail servers this week to make sure they can offer keys based on Brainpool curves. The upgrades on our web servers are then to follow in January. For you as a customer, there won’t be any adverse effects because the existing methods are going to be maintained as a fall-back option.