Tuesday, 21 November 2017

Disabling TLS 1.0 for Improved Security

Paubox is will be disabling TLS 1.0 beginning 1 December 2017. We are doing this to align with industry best practices for security and data integrity.

While we pride ourselves in our military grade encryption, we also pride ourselves in user experience. No action is required prior to this date – simply continue using your encrypted email service from Paubox as you normally would.

TLS 1.1 will be the new minimum standard security protocol Paubox implements in order to align with industry-wide best practices for security and data integrity.

What is TLS? (What is TLS 1.0?)

TLS, short for Transport Layer Security, is an encryption protocol that protects messages in transit from one server to another. The encryption protocol deploys whenever a web browser or application transmits data over a network.

All Paubox network traffic, whether it contains PHI or not, is encrypted using industry-standard transport encryption (TLS).  TLS prevents emails from being read while in motion and ensures the communication is delivered to the appropriate recipient.

Currently, TLS has three versions: TLS 1.0, 1.1 and 1.2.

READ MORE: How to Check for TLS to Secure Your Email

Why is this happening?

At Paubox, we prioritize user experience, but not at the expense of security.

TLS 1.0 is vulnerable to a few attacks, such as the POODLE (Padding Oracle On Downgraded Legacy Encryption) and BEAST (Browser Exploit Against SSL/TLS).

RELATED: Make a Plan for the Middle Man

TLS 1.1 and 1.2, on the other hand, have no known weaknesses.

We are also acting in accordance with the PCI DSS (Payment Card Industry Data Security Standard). The PCI requires that TLS 1.0 no longer be used for secure communications, giving companies until June 30, 2018 to make the transition.

With this upgrade to TLS 1.1, you can continue sending encrypted HIPAA-compliant email with confidence that the highest security standards are in place and your sensitive information is safe.

When is this happening?

The upgrade will begin on 1 December 2017. The transition will occur “behind the scenes,” so you will not need to change how you normally use Paubox.

After December 1, TLS 1.1 and above will become the standard TLS version for Paubox encrypted email.

What impact will this have to me?

The impact will not affect most users. In fact, most users won’t notice. However, in the unlikely case that you experience any interrupted access to your Paubox account or encrypted email service, contact us at support@paubox.com.

No comments:

Post a Comment