Email security issues

Document ID : KB000113435
Last Modified Date : 10/09/2018
Show Technical Document Details
Introduction:
The email in CAPM uses spring's javamail class to send email. 
For smtps, we just specify port to use, and starttls.enable=true.
We don't specify what TLS to use. 
It should negotiate that during connection.
It will use the lowest version available but does support TLS 1.2
 
Question:
The system you have that e-mails us our bandwidth reports doesn't appear to negotiate anything higher than TLS 1.0 when sending e-mails with the STARTTLS SMTP command.
We are turning off TLS 1.0 support on our mail system in the near future (just as Microsoft is doing for Office 365 and Payment Card Industry compliance also now requires that).
Is there any way you could update/configure this system to use TLS 1.1 or higher?
 
 
Environment:
CAPM 3.x
Answer:
if you disable the tls 1.0/1.1 on the mail server
we will use 1.2