Discontinue Support of TLS 1.0 and 1.1
Latest Patch Discontinue Support of TLS 1.0 and 1.1
With the latest patch of Zimbra email server, the weak TLS 1.0 and 1.1 protocols have been totally removed to comply with the FIPS standard. This impact all Windows 7 and below.
Here is the reported incidents:
1. Outlook 2007/2010/2013 and Live Mail on Windows 7 cannot connect to POP3 and IMAP.
2. Outlook Connector on Windows XP cannot connect to HTTPS.
Because there is no turning back to re-enable weak protocols, our workaround is to turn on cleartext alternative for those affected.
POP3 Client
- Change from 995/SSL to 110/none
IMAP Client
- Change from 993/SSL to 143/none
HTTP Client including webmail
- Change from HTTPS to HTTP
In summary, there is either "with encryption" or "without encryption" options available for customer to choose.
What is the purpose of encryption?
Encryption create a secured tunnel between your computer and the server so that all data transacting on top of it is private. In email traffic, it is mainly protecting your password to be seen in cleartext.
The TLS 1.0 and 1.1 is considered as weak protocols because the secured tunnel can be easily decrypted. The industry expert feel that having weak encrytpion is akin to no-encryption. Hence, in order not to give false sense of security, they have decided to drop it.
Please upgrade your OS and software
For customers using old devices and software, we urge you to upgrade to at least Windows 10 operating system. For the Outlook, you may continue using it if it still working. Otherwise you should upgrade it to the latest version; or change the software to Mozilla Thunderbird.
How To Disable Secure Connection?
THIS IS TEMPORARY WORKAROUND FOR USERS STILL USING OLD SOFTWARE AND OPERATING SYSTEM. IT IS NOT PERMENANT SOLUTION.
CUSTOMER SHALL PLAN UPGRADE TO LATEST VERSION OF SOFTWARE AND OPERATING SYSTEM AS SOON AS POSSIBLE.
IMAP non-secured configuration. Follow below settings.
POP3 non-secured configuration. Follow below settings.
Zimbra Outlook Connector (ZCO) non-secured configuration. Follow below settings.
