Common Maileater SSL/TLS Questions

Document ID : KB000012503
Last Modified Date : 14/02/2018
Question:
  1. I have heard that TLSv1.0 can be considered the same as SSLv3.1.  Are there any differences?

  2. I have heard that all SSL versions are broken and insecure due to the POODLE attack.  Is Maileater affected?

  3. TLS negotiates the connection with the email server in plain text.  Are my login credentials being sent unencrypted?

  4. My email server uses a chain of certificates.  Do I need to include the entire chain for Maileater to work with TLS?
Environment:
Service Desk 12.9 or 14.1
Maileater configured to use TLS
Answer:
  1. TLS 1.0 was the successor to SSL 3.0, and the terms SSL and TLS are used somewhat interchangeably.  TLS 1.0 is equivalent to SSL 3.1; however, TLS is not backwards compatible with SSL 3.0 and earlier.

  2. No.  The POODLE (Padding Oracle On Downgraded Legacy Encryption) attack targeted SSL 3.0 and earlier; however, proper implementations of the TLS standard check the padding and prevent this attack.

  3. We do not transmit mail server credentials in plain text.  We first send a HELLO packet to the mail server over a plain connection and then issue “STARTTLS” to upgrade the protocol to a more secure version.  Only if this step succeeds do we make the login call.

  4. Having the Root CA Certificate (in PEM format) should suffice for the certificate validation.
Additional Information:
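The ordering described in answers 3 and 4 (plain greeting, STARTTLS, certificate validation against a root CA, then login) shown as an added Python example; it is not Maileater's own code. It assumes an SMTP-style client with the interface of Python's `smtplib.SMTP`, a TLS 1.2 minimum, and a constructed `StubConn` stand-in so that it runs offline.

```python
import ssl

def build_context(root_ca_pem=None):
    """Client context: certificate and hostname are verified against the root CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumption: SSL 3.0 is never offered
    if root_ca_pem:
        ctx.load_verify_locations(cafile=root_ca_pem)  # root CA in PEM format
    else:
        ctx.load_default_certs()                       # fall back to the system store
    return ctx

def login_over_starttls(conn, user, password, ctx):
    """Send credentials only once STARTTLS has succeeded on conn (smtplib.SMTP-like)."""
    conn.ehlo()                                    # plain-text greeting
    if not conn.has_extn("starttls"):
        # Fail closed: a missing STARTTLS offer must not lead to a plain-text login.
        raise RuntimeError("STARTTLS not offered; refusing to send credentials")
    code, _ = conn.starttls(context=ctx)           # handshake validates the chain
    if code != 220:
        raise RuntimeError("STARTTLS rejected; refusing to send credentials")
    conn.ehlo()                                    # re-read capabilities inside TLS
    return conn.login(user, password)

class StubConn:
    """Constructed stand-in for smtplib.SMTP that records the calls it receives."""
    def __init__(self, offers_starttls):
        self.offers_starttls, self.calls = offers_starttls, []
    def ehlo(self):
        self.calls.append("ehlo")
    def has_extn(self, name):
        return self.offers_starttls and name == "starttls"
    def starttls(self, context=None):
        self.calls.append("starttls")
        return (220, b"Ready to start TLS")
    def login(self, user, password):
        self.calls.append("login")
        return (235, b"Authentication successful")

if __name__ == "__main__":
    good = StubConn(offers_starttls=True)
    login_over_starttls(good, "servicedesk", "placeholder", build_context())
    print(good.calls)
    try:
        login_over_starttls(StubConn(offers_starttls=False), "servicedesk", "placeholder", None)
    except RuntimeError as exc:
        print("refused:", exc)
```

Against a real server, pass an `smtplib.SMTP(host, port)` object as `conn` and `build_context("root-ca.pem")` as `ctx`; the file name is a placeholder.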