TLS 1.3 - Secure e-mail and transport encryption at mailbox.org
- Encryption mechanisms updated on our server infrastructure
- Better security for e-mails, calendars, contacts, and file transmission
The mailbox.org Office now offers better security for the sending of e-mails by supporting the improved HTTPS transport layer security protocol „TLS 1.3“, which presents the most recent SSL/TLS standard that is currently available. This new version offers better security because some obsolete encryption mechanisms („Ciphers“) were removed, and also because structural security issues that were inherent in older TLS protocol versions have been fixed. Being able to support the latest state of the art in encryption is crucial for us to maintaining the privacy and data protection that is so important for our users.
Aside from improved security, there is another major benefit to using TLS 1.3: With the new protocol, it usually takes less time to establish a connection. While this does not increase the basic transmission speed for data or e-mail downloads, it makes interactive websites like our mailbox.org Office much more snappy to use. Applications that handle a large number of separate web requests will see improved usability, as the servers can now respond quicker to these individual requests.
All modern Web browsers already support TLS 1.3, for example Chrome 70, Firefox 63, MS Edge 76 and also Safari with MacOS 10.14.4 or higher. From a user perspective, nothing really changes as the encryption protocol operates in the background.
What is TLS?
TLS („Transport Layer Security“) is a mechanism for communication partners on the Internet (such as a Web browser and a Web server) to encrypt the data that is being transmitted between the two. To do this, the browser and the server will negotiate the security standard to use for encryption and agree on the best one that is available to both. So, if you use a reasonably modern browser and log on to our mailbox.org Office, you will now get to enjoy the most secure TLS 1.3 encryption standard.
mailbox.org: Always aiming to use the best encryption mechanisms available
Offering support for TLS 1.3 has been on our roadmap for some time, in line with our general aim to always offer the best encryption mechanisms for e-mail and web-mail applications. Within the last few weeks, new Linux versions have been released for the particular distributions that we use as operating systems on our servers, and these do now support OpenSSL with TLS 1.3 out of the box. - For stability and security reasons, we decided to wait until the new protocol was properly supported by those distributions.
Sending e-mails with TLS 1.3 available soon
Currently, not all of our services can actually operate with TLS 1.3 just yet. We will be upgrading services such as XMPP Web chat, some of the less important API servers, and the user forum over the next few weeks to support TLS 1.3. Our mail servers will get their regular updates in the next few weeks also, and it will then be possible to send e-mails securely using TLS 1.3, given the providers on the receiving end also support the new protocol.
Upgrading servers during regular operation is something that requires careful handling, thorough testing, and absolute focus on the task. So, please bear with us as we are finishing the task step by step over the coming weeks. Soon, our team will be at full strength again once everyone has returned from their summer vacation.
TLS 1.0 and lower no longer secure – mailbox.org does not support outdated protocols
Please note: Outdated SSL mechanisms like SSLv2, SSLv3, and also TLS 1.0 are no longer considered sufficiently secure for Internet communication use. The German Federal Office for Information Security has advised to not use these anymore. While there are still e-mail providers around that keep supporting TLS 1.0, to us this is a “No-Go” from a security and privacy perspective. - For security and data protection reasons, mailbox.org stopped supporting TLS 1.0 as well as TLS 1.1 a while ago.
Best wishes,
Your mailbox.org team