Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel 68 - TLS changes

Discussion in 'E-mail Discussion' started by sparek-3, Jun 13, 2018.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,719
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Concerning the TLS changes that were made in the default settings for Exim (Dovecot too?) in cPanel 68. Is it safe to assume that if you are using a modern email client, one that has not reached end-of-life, then you would not experience any issues with this?

    The changes to the default exim configuration basically disabled TLSv1, correct? All modern email clients should be capable of utilizing TLSv1.2 correct?

    So if anyone has any issues sending out mail after this update, essentially they are using an old and outdated email client. Would that be a correct assumption?
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,230
    Likes Received:
    161
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,719
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    That patch only applies to Windows 7 Service Pack 1. Is Windows 7 SP1 still in life?

    At least that's what I read from that post. I've always had trouble following Microsoft's updates due to the numbering and foreign technical language they use for their updates.

    I'm basically not wanting to capitulate to clients that want to continue to use really old, outdated, and no longer supported software. This is why Internet insecurities are such as mess now as it is, for years the Internet industries have been allowing clients to dictate their security - because they don't want to change. And as a result insecure security protocols (which aren't really secure) continue to operate.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,230
    Likes Received:
    161
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    Extended support for Microsoft Windows 7 doesn't end until January 2020 based on https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

    Couldn't agree with you more - it applies to the following:
    Windows 8.1 and higher came with support for TLSv1.2

    I believe this is why we implemented the changes to not accept these protocols by default. The threats from POODLE and DROWN were too much to allow accepting these protocols as default behavior.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,719
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Bottom Line - I'm just wanting to know if there are any "in-life" email clients out there that don't yet support TLSv1.2? Before I politely accuse clients of using outdated and end-of-life email clients. Mainly Microsoft clients, because I can't keep up with all the different versions of Outlook, Outlook Express, and Windows Live Mail that they have.

    If an email client is still in life, and it doesn't support TLSv1.2 then the onus would seem to be on that email client's developer.

    But if the email client is end-of-life, then the onus is on the hosting client for continuing to use such a product. Perhaps they were legitimately unaware of the issue, but that's kind of the point of disabling those insecure TLS versions... to get their attention on this matter. Don't be mad at your host for wanting your mail server connection to be (really) secure.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,230
    Likes Received:
    161
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sparek-3

    The problem with the outlook clients was that Window's itself didn't have the support for TLSv1.2 the clients and Windows Operating systems past 7 should all support TLS1.2 even the Window's systems running 7 should be able to patch and receive the TLSv1.2 update so, no I do not believe there is anything, not EoL that doesn't accept the protocol.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,719
    Likes Received:
    98
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Thanks! This is helpful.

    I would have thought that Windows Updates on a Windows 7 system would have installed this patch... but it's Microsoft and I don't understand a lot of their systems or how they work.

    I do know that we've had some clients complain about Outlook 2007 not working. But as far as I can tell, Outlook 2007 is well beyond it's end-of-life.

    I just don't have a lot of sympathy for people that want to continue to use end-of-life software and expect it to continue to work. It's like wondering why my TRS-80 or Commodore 64 won't get on the Internet.
     
  8. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,230
    Likes Received:
    161
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I too would have thought the same, but I believe a lot of people have their updates disabled or for some reason didn't get this.

    We got the most support requests on Outlook 2007 being unable to connect when the changes were introduced. The end of Extended support for Outlook 2007 was 10/10/2017

    My first computer was a Commodore 64 we thought they were amazing then.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice