Many companies, including our customers, are still using outdated TLS standards for email communication, which poses a significant security risk to themselves and the entire network. But problems also arise when e-mails suddenly stop arriving because outdated software does not support new TLS standards. In addition, cybercrime and industrial espionage continue to increase. It is necessary for secure business operations to address the issue of email encryption. This article will familiarize you with the basics of TLS encryption. In a later article, we will take a look at best practices in TLS encryption for websites.
Secure e-mail and data exchange is admittedly anything but a simple topic, even for proven system admin experts. Nevertheless, it is absolutely necessary to implement the highest possible TLS standard for e-mail clients on all end devices in order not to jeopardize the security of one's own network. The key to this lies in the foundation - in the cryptographic keys used. The selection and secure storage of the keys that ensure authentication, encryption and decryption is essential to prevent hackers from gaining access.
Introduction for SSL/TLS encryption
There are two basic ways of encrypting data: transport encryption via Transport Layer Security (TLS) and end-to-end encryption. End-to-end" encryption is an enhanced form that is particularly relevant for certain groups of people who hold confidential information (e.g., lawyers, tax consultants, doctors). In this article, we will focus on TLS encryption and its versions in particular.
E-mails, as well as other data exchange, are transported on the Internet in the form of data packets. If the e-mail is transmitted in plain text, it can be read along the entire transport route - unless the mail servers of the sender and recipient communicate via the so-called Transport Layer Security protocol, or TLS protocol. The TLS protocol is, in simple terms, an application layer security protocol used to securely transmit data between client and server over the Internet using encryption, authentication, and data integrity. To do this, a pair of keys is used to authenticate identities and encrypt information sent over the Internet, for example, via HTTPS (web) or IMAPS/POP3S/SMTPS (mail) - one of which is public and intended for wide distribution, and the other is a private key and should be kept as secure as possible.
An earlier version of the TLS protocol is the SSL protocol ("Secure Sockets Layer"). With version 3.1, the protocol was declared the standard and renamed "Transport-Layer-Security", or TLS for short. TLS is thus the new standard and offers significantly higher security than SSL.
The advantages of TLS:
Encryption - The data to be transmitted is secured by encryption procedures.
Interoperability - The TLS protocol works on almost all operating systems and web servers, as well as most web browsers.
Provision - Deployment on any operating system or platform is really easy.
Ease of use - It is easy to use and its operations are almost invisible to the client as it is implemented under the application layer.
Flexibility - It provides operational authentication, encryption algorithms and hashing algorithms used during the secure session.
Search Engine Ranking - Likewise, TLS certificates play an important role in the field of SEO. Website operators can improve their search engine ranking through certificates.
Short trip: Cryptographic Methods & Cipher Suites
Cryptographic methods are algorithms that perform encryption and decryption during data transport. A cipher suite is a standardized collection of these cryptographic methods and specifies a key agreement procedure for the Handshake protocol, an authenticated encryption method for the record protocol, and a hash function for key derivation. Most TLS clients and servers support multiple cipher suites and TLS versions, so when establishing a secure connection, they must negotiate to select a common TLS version and cipher suite.
The German Federal Office for Information Security (BSI) has TR-02102-1 and TR-02102-2 Technical Guidelines published, which provide orientation and recommendations for the selection of cryptographic procedures. In principle, the BSI recommends using only cipher suites that comply with Technical Guideline TR-02102-1.
Email encryption and DSGVO
The General Data Protection Regulation came into force on 25 Mail 2018. According to the new General Data Protection Regulation, all personal data must be encrypted according to the "state of the art". To ensure this, the use of TLS encryption becomes mandatory for websites. But are companies now also required by the GDPR to encrypt all business emails? In short: for transport encryption "yes" and for end-to-end encryption "no". According to Art. 32 GDPR, controllers must select protective measures "taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons". The old Federal Data Protection Act already named encryption as one of the central technical and organizational measures. Encryption had and retains an important position.
Nevertheless, suitable technical and organizational measures should ensure a level of protection that is appropriate to the risk. It is therefore a matter of appropriateness or the need for protection. If data with a high or very high protection requirement, such as health data, is to be sent by e-mail, end-to-end encryption is required. Since this encryption does not protect the metadata such as the subject line of the e-mail, the sender must ensure that the subject line does not contain any data with a high or very high need for protection.
If the sender transmits personal data with a normal need for protection, it is possible to waive end-to-end encryption of the content data in individual cases. As a minimum standard, transport encryption is required for the transmission of personal data with a normal need for protection, according to the supervisory authority.
Before the DSGVO reform, the recommendation of the Federal Data Protection Act was to encrypt e-mails that contain personal data (e.g., invoices to end customers that contain names and addresses or also information on health status). Due to DSGVO, the encryption of personal data must now be proven (accountability).
So how exactly does TLS encryption work?
The TLS protocol operates with the primary goal of providing privacy, security, and data integrity between communicating applications. Thus, the three main components of TLS are:
- Encryption (hiding the transmitted data)
- Authentication (authenticates the identity of the end parties)
- Integrity (verifies that the data is safe from tampering or hacking).
The TLS consists of two sub-protocols, namely the already mentioned Handshake protocol and the Record protocol. The handshake protocol enables the server and client to select an encryption algorithm before the data is sent and thus authenticate each other. The Record protocol works in addition to the classic "Transmission Control Protocol" (TCP) to ensure that the connection is secure.
The client (e.g., a web browser) connects to a server (e.g., a website) using TLS and sends specifications such as a version of TLS and the encryption suites or compression methods it wants to use. The server being contacted checks the highest TLS version supported by both and then selects an encryption suite and a compression method. When this setup is done, the server shares its certificate.
The certificate is then verified by the client or an entity it trusts. And after it has been established that the server really is what it claims to be, a key is exchanged. This key is calculated by both parties for symmetric encryption. This entire process of information between client and server before sending actual data is called handshake. Only after the handshake phase has been successfully completed can the client and server communicate securely.
The Transport Layer Security (TLS) record protocol is responsible for securing application data and verifying its integrity and origin. It manages the following:
- Split outgoing messages into manageable blocks and reassemble incoming messages.
- Compress outgoing blocks and decompress incoming blocks (optional).
- Apply a Message Authentication Code (MAC) to outgoing messages and verify incoming messages using the MAC.
- Encrypt outgoing messages and decrypt incoming messages.
When the Record Protocol is complete, the outgoing encrypted data is passed to the Transmission Control Protocol (TCP) layer for transport.
Secure communication via TLS protocol depends on the functionality of all relevant components on the client side as well as on the server side. If a component is outdated or not set up properly, an older, less secure protocol may be used for communication. It is therefore important to enable TLS 1.2 for all required components. The components required to do this depend on your individual environment. Start the TLS upgrade process with clients before you enable TLS 1.2 and disable older protocols. Make sure that all clients support TLS 1.2. Otherwise, client-server communication may be disrupted.
Choosing the right TLS version
The level of security TLS provides is most affected by the protocol version (i.e., 1.0, 1.1, etc.) and the allowed cipher collections (cipher suites).
TLS 1.0 is a direct evolution of SSL 3.0. TLS 1.0 was superseded by TLS 1.1 in 2006, followed by TLS 1.2 in 2008 and the current version TLS 1.3 in 2018 .Versions 1.0 and 1.1 do not provide sufficient protection because they have security vulnerabilities that can be exploited by attackers. In addition, they do not provide support for modern cryptographic algorithms. The security level of the newer versions 1.2 and 1.3 is significantly higher and should be favored.
However, older programs or operating systems sometimes still reference the old TLS version (1.0 or 1.1) and only change this with appropriate updates.
Most current web browsers and web servers prefer TLS 1.2 and TLS 1.3. In some cases, TLS 1.1 and TLS 1.0 are still supported, but a security warning then appears. SSLv3 and SSLv2 are deactivated in current browsers, among other things because of the POODLE security vulnerabilities. Major players in the software market, including Mozilla, Microsoft, Apple, and Google, announced that TLS 1.0 and TLS 1.1 will be discontinued by the end of 2020. Companies should check that the email programs they use are compatible with at least TLS 1.2.
Enabling TLS 1.2 in Windows and macOS
Windows:
The easiest solution to support TLS 1.2 for Windows 7 users is to update to Windows 10. If this is not desired, you will need at least a Windows 7 version with Service Pack 1 (SP1) installed to use TLS v1.2. For more information for Windows users, see here.
MacOS:
TLS v1.1/1.2 is automatically enabled from versions macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 active.
If the Mac Mail.app is used, the OSX version must be set to at least macOS Sierra 10.12.6 or High Sierra 10.13 be updated to support TLS versions v1.1 / v1.2.
Alternatively, another email client such as Thunderbird can be used.
In Mozilla Thunderbird, the configuration editor can be used to specify the minimum and maximum encryption to be used by Mozilla Thunderbrid via the security.tls.version.min or security.tls.version.max setting. Link to the official documentation of Mozilla Thunderbird
Old OSX versions (before 2015) are still in line with the standards since 2006 not compatible and need to be updated.
Conclusion
The TLS protocol ensures that data cannot be read during transmission between client and server or server and server. With transport encryption, the e-mail is decrypted at the sender and recipient, but unreadable in transit.
Due to security vulnerabilities in the older implementations TLS 1.0 and TLS 1.1, these should no longer be used. Therefore, as a user, it is important to always use current versions of clients (browsers and email clients, for example).
At ScaleUp, we follow the recommended guidelines and are aware that the strict approach can also have negative consequences, especially with regard to older software, some of which is still being used by customers. Ultimately, however, the security of all customers must be our primary concern. We are gladly at your disposal for Queries available.