TLS connection issue with Microsoft Office 365 services

Khairul_AKhairul_A Posts: 272 F-Secure Employee

16/1/2015 (Update)

  • Unsupported PSE certificates are now replaced and fixed.

 

5/1/2015

Microsoft has started disabling support for SSL 3.0 and announced that all clients and browsers need to utilize TLS 1.0 or higher to connect to Office 365 services without issues. As part of this move from Microsoft, connections are also dropped if the certificates are signed with MD2 or MD5 hash algorithms.

 

If you are unable to send or receive e-mails from the Microsoft Cloud:

 

For Messaging Security Gateway (MSG)

You can fix this issue by finding and replacing all unsupported certificates from the certificate chain to a higher hash algorithm than the MD2 or MD5.

 

For Protection Service for E-mails (PSE)

We are currently working to replace the unsupported certificates on our systems. The fix is estimated to be completed by 16 January 2015. As a temporary workaround, follow the steps below:

 

From cloud:

tls-from-cloud.png

  1. If sender is forcing TLS, disable TLS or use Opportunistic TLS mode in Office 365 connector.

 

To cloud:

tls-to-cloud.png

  1. Go to System > SMTP Encryption > TLS Domains.
  2. Select Never in the Encrypted field.
fatboy
This discussion has been closed.