PCI Compliance - TLSv1.0 Encryption Support

[jestaguy]

Does anyone know of any compliant iOS mail apps? From what I'm reading, the stock email client in MacOS Sierra supports the newer protocol but iOS 10 does not. It seems we're on our own with this one.

Thoughts?

*edit*
Looks like Outlook for iOS may work. It only allows IMAP but seems to require TSL 1.1 at minimum.

[hobbes]

Quote:

Originally Posted by Terra

abrams, a couple links that may be helpful:
1) https://support.office.com/en-us/art...0-d1c5f1109f40
2) https://service.FutureQuest.net/inde...rticle/View/63

Note that Outlook Win has separate SSL and TLS drop-down options for SMTP and IMAP, however POP only has an SSL checkbox.

Terra - that was a rasberry in the scan two-step box

[Kevin]

Abrams,

We are very confused by your problem. We looked back in the logs from yesterday and you were using TLS1.0 to send email. That was what we turned off and have since turned back on. However, now your connections seem to be failing on SSL which has been disabled for a long time (I even looked at the server backups from last night to make sure that your server wasn't somehow different than the others).

Maybe your client got confused by the legitimate error and needs to be reset in some way. None of us has any experience with that client so I am not sure what options it has to offer.

[Terra]

jestaguy, I found some links that might help explain the Apple mail app situation:
https://discussions.apple.com/thread...art=0&tstart=0
https://serverfault.com/questions/75...-with-ios-mail
http://www.clift.org/fred/frustratio...-yosemite.html
http://www.clift.org/fred/apple-mail...revisited.html

Given that Apple has really dropped the ball on this, it looks like we will have to step up and work around their technical failings in supporting their own customers...

I need to take some time and think about how FutureQuest can provide a solution for Apple shortcomings... This IMHO is my biggest gripe about Apple's walled garden approach to technology...

[hobbes]

Terra - is it possible to setup a non-TLS1.0 mail server for us to test mail apps against? It doesn't have to really send out messages, just for testing connections.

[abrams]

Miracles happen. I downloaded thunderbird and installed. When I opened, it contained all my Eudora OSE email complete with folders - only with a really ugly interface. Test messages came in and were filtered properly. Someone must have built this into the new version. Why they don't say this is beyond me.

Since you/fq changed settings, I am hoping this doesn't mean this will crash also in a week?

Kevin, none of the settings were working, so I probably left it on the wrong(?) one. Who knows, they are all wrong, so...

I checked the raw configuration editor in Thunderbird and found the settings to be correct.

Outta here.

Thanks.

2.5 hrs later....

[Kevin]

If anyone is willing to complain to their hardware/OS/application vendors about this please feel free to remind them that TLS1.1 came out in 2006 and was replaced by TLS1.2 (still the current standard) in 2008.

The credit card processing industry is only asking them to adopt technology that has been obsolete since George W Bush was the President.

[hobbes]

Kevin - you saying the tech has been Trump'd?

[Kevin]

Quote:

Originally Posted by hobbes

Kevin - you saying the tech has been Trump'd?

lol, I wasn't trying to get political the election was just the biggest thing I could think of when remembering 2008

[jestaguy]

Hey Terra,
Yeah, it's a mess and I certainly don't envy your situation. I'm certainly not going to try and defend Apple. They should be on the ball, especially with all the touting they do regarding security. I know FQ is trying to do the right thing here. Frankly when we move to our own hosted shop next year we'll appreciate the TLS update.

Unfortunately the situation can't excuse the fundamentally massive user base on iOS. Any rabbit you can pull from a hat would be greatly appreciated. Removing SSL or jumping to a 3rd party email app both feel like truly terrible options.