TLS connection issue with Microsoft Office 365 services
- Unsupported PSE certificates are now replaced and fixed.
Microsoft has started disabling support for SSL 3.0 and announced that all clients and browsers need to utilize TLS 1.0 or higher to connect to Office 365 services without issues. As part of this move from Microsoft, connections are also dropped if the certificates are signed with MD2 or MD5 hash algorithms.
If you are unable to send or receive e-mails from the Microsoft Cloud:
For Messaging Security Gateway (MSG)
You can fix this issue by finding and replacing all unsupported certificates from the certificate chain to a higher hash algorithm than the MD2 or MD5.
For Protection Service for E-mails (PSE)
We are currently working to replace the unsupported certificates on our systems. The fix is estimated to be completed by 16 January 2015. As a temporary workaround, follow the steps below:
- If sender is forcing TLS, disable TLS or use Opportunistic TLS mode in Office 365 connector.
- Go to System > SMTP Encryption > TLS Domains.
- Select Never in the Encrypted field.