[FQuest Alert] Removal of DES/3DES Encryption Support - Page 2

*ricktrip* · 11-29-2016, 02:49 PM

I’m reluctant to be a burden on the always-generous FQ staff, but I don’t understand any of this announcement.

I realize that I am in a minority here in my limited understanding of computing technology and protocols, but even though I am an amateur, I have successfully run my business for over a decade on the several sites I host with FQ. Now it seems that in a few days, something awful might or might not happen to my email access — and I haven’t a clue what to do.

I use Apple Mail on an iMac and an Apple laptop. It’s all POP since I don’t know what IMAP even means. I routinely access two of my email accounts using QuestMail in addition to Apple Mail. Offering legacy-tls.futurequest.net sounds thoughtful, though I have no hope of following your instructions, and am not even sure if I should. Perhaps FQ could post a “dumbed down” version of your announcement for folks like me who are less sophisticated than we’d like to be?

I see one ray of hope in the email I got from the Service Desk. It said “Note: If your email client is using non secure server settings, Port 110 for POP, Port 25, 587 or 1025 for SMTP and Port 143 for IMAP this does NOT affect you.” I do know how to go into Apple Mail and change port settings. So if make sure they are all “non secure”, will this protect me from disaster?

**Bob** · 11-29-2016, 02:59 PM

Hello,

None of us use Apple machines however I found these instructions for accessing your Apple mail Settings:

Open Apple mail, and go to the “Mail’ menubar at the top of the screen and then select ‘Preferences’ from the menu

Select the ‘Accounts’ tab. From here you can manage your mail accounts.

If you have more than one account configured you would want to choose your FutureQuest hosted account.

From what I understand you should see options for Incoming and Outgoing servers, which would be where you would chacge your Mail Server Host Name or Port.

However we have had two clients that say they contacted Apple and Apple maintains they support TLS 1.2 in Mac OS X 10.12 (Sierra) and iOS 10.1, and if you are running those versions the whole issue may be moot for you...

-Bob

*ricktrip* · 11-29-2016, 03:04 PM

Great to hear, Bob. Thanks for the quick reply!

*artemis* · 12-01-2016, 03:50 PM

First, Thank You for the silver lining of getting rid of the certificate mismatch.

I've implemented the new settings a couple ways. I am using an older email client because I like it, Outlook 2007. The new settings have been applied for an imap account and a pop account -- no issues, really fast (after I fixed my own typos) and there was no messing with any of my 14GB of archives... which I didn't think there would be but... I'm going to leave the others and see what happens on the 6th

Also set up mail on my iphone (which I have resisted) but there is one imap that doesn't get a lot of traffic... I have a 6s. It was very quick and simple. I didn't bother with the existing settings, just used the new ones.

So probably what a couple of my clients who are using apple products or older client software are going to do is switch to the new settings whether they need to or not, just to avoid interruption next week and also to get rid of that security mismatch. Being able to mention that is going to make those who I need to contact happy to hear from me

*jestaguy* · 12-02-2016, 09:00 PM

Hi FutureQuest staff,

Two quick questions:
Do you have a specific time in mind for the switch over on Tuesday? Just wanted to be available to assess the impact as it happens.

Also, will the security mismatch be fixed for those who don't change their settings? From what I understand, the legacy server will fix this, just wanted to know if both servers will fix the error.

Thanks!

**Bob** · 12-02-2016, 09:40 PM

Hello jestaguy,

The time frame basically comes down to the right people being in place and I would hazard a guess of sometime between Mid Morning and Mid Afternoon ET...

In regards to the whole SSL Mistmatch issue for email... The reason the mismatch occurs is that you are using (pop, smtp or imap).yourdomain.com as your mail host name however the certificate is issued to FutureQuest.net, not your domain.

As a result the only reason that using legacy-tls.futurequest.net will not result in a SSL mistmatch is because the certificate is issued to FutureQuest.net, so there would be no change for those not using legacy-tls.futurequest.net (the mismatches would still occur).

As far as someone using legacy-tls.futurequest.net, even if their Email Client supports the newer encryption methods, that is fine as long as they realize that sometime (hopefully) legacy-tls.futurequest.net will no longer be needed and at that time we would probably remove that access...

-Bob

*jestaguy* · 12-02-2016, 09:49 PM

Thanks Bob, that makes sense. Do you foresee a day when the security certificate could be related with individual domains to avoid the mismatch? The constant warning in Outlook and Apple mail is a massive pain in the rear.

Would it be possible to shoot out an announcement or forum post once the server is changed?

Thanks again!

**Bob** · 12-02-2016, 09:52 PM

Hi again jestaguy,

We will absolutely post, here in the Forums, when the change is implemented, that is an easy one

Now as for the other part, that would need Bruce to weigh in on...

However if I may put a Plug in for Thunderbird, at least on Windows, no issues with mismatches, you just accept it once

-Bob

*andyrew* · 12-04-2016, 01:22 PM

Quote:

Originally Posted by jestaguy

My messages disappeared as well (pop account). Andyrew, are you saying you found a way to have them appear with the new server settings?

[...]

I have been using IMAP for years, now, jestaguy, in all-systems (iOS/OSX(Mail and TBird)/win32(TBird)).

I completed everything as suggested by Bob in the original psot, and was faced with the 'blank/NO SUBJECT/1969' headers, so I freaked/bailed-back to my original settings (only to be faced with the same headers).

After I re-re-applied the new settings (per Bob's steps), my iOS and OS X Mail subsequently re-asserted themselves with the correct Headers[{edit}:"/Content"]/

I do not know if it was a propagation issue, or that I entered the wrong info the first time...just chocked-it-up as another example for how I must-need expand my degree of patience.

I have just submitted feedback/request to apple.com for support of the latest (c. 2006/'08) Protocol(s).

It Just (barely) Works, I guess

*andyrew* · 12-04-2016, 02:59 PM

<side-note>

legacy-tls.futurequest.net and the associated settings-change(s) are successful when using the Cisco BCE (Business Class Email) secure email application on iOS

</side-note>