search cancel

Email security issues

book

Article ID: 113435

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration

Issue/Introduction

The email in CAPM uses spring's javamail class to send email. 
For smtps, we just specify port to use, and starttls.enable=true.
We don't specify what TLS to use. 
It should negotiate that during connection.
It will use the lowest version available but does support TLS 1.2
 

The system you have that e-mails us our bandwidth reports doesn't appear to negotiate anything higher than TLS 1.0 when sending e-mails with the STARTTLS SMTP command.
We are turning off TLS 1.0 support on our mail system in the near future (just as Microsoft is doing for Office 365 and Payment Card Industry compliance also now requires that).
Is there any way you could update/configure this system to use TLS 1.1 or higher?
 
 

Environment

CAPM 3.x

Resolution

if you disable the tls 1.0/1.1 on the mail server
we will use 1.2