TLS Support

Summary: This article explains the support for Transport Layer Security (TLS) provided by DuoCircle to encrypt email transmissions, ensuring secure communication. It also includes a guide to enabling TLS for your account.

Objective

By the end of this article, you will understand how TLS encrypts emails, know how to validate TLS settings, and be able to enable TLS on your DuoCircle account for secure email transmissions.

Introduction

Transport Layer Security (TLS) is a protocol that encrypts email transmissions, protecting communication privacy. DuoCircle offers TLS encryption for both inbound and outbound emails, ensuring that sensitive information remains secure during transfer.

Prerequisites

  • Access to your DuoCircle account.
  • Permissions to manage product settings within your account.

Step-by-Step Instructions

  1. Understanding TLS Support:

    • DuoCircle supports TLS for inbound and outbound email traffic.
    • In some cases, TLS must be enabled on a per-domain basis in your account settings.
    • Check your configuration using tools like CheckTLS.com.




      Trying TLS on mx1.mailhop.org[54.186.60.165] (10):

      seconds   test stage and result
      [000.072] Connected to server
      [000.143]<--220 inbound3.ore.mailhop.org ESMTP
      [000.143] We are allowed to connect
      [000.143]-->EHLO checktls.com
      [000.239]<--250-inbound3.ore.mailhop.org
      250-PIPELINING
      250-SIZE 52428800
      250-VRFY
      250-STARTTLS
      250-ENHANCEDSTATUSCODES
      250 8BITMIME
      [000.239] We can use this server
      [000.239] TLS is an option on this server
      [000.240]-->STARTTLS
      [000.311]<--220 2.0.0 Ready to start TLS
      [000.311] STARTTLS command works on this server
      [000.467] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
      [000.467] Connection converted to SSL
      [000.484] Certificate 1 of 2 in chain:
      subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
      issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
      [000.500] Certificate 2 of 2 in chain:
      subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
      issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
      [000.500] Cert NOT VALIDATED: self signed certificate
      [000.500] So email is encrypted but the domain is not verified
      [000.500] Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
      [000.501] So email is encrypted but the host is not verified
      [000.501]~~>EHLO checktls.com
      [000.573]<~~250-inbound3.ore.mailhop.org
      250-PIPELINING
      250-SIZE 52428800
      250-VRFY
      250-ENHANCEDSTATUSCODES
      250 8BITMIME
      [000.574] TLS successfully started on this server
      [000.574]~~>MAIL FROM:<[email protected]>
      [000.645]<~~250 2.1.0 Ok
      [000.646] Sender is OK
      [000.646]~~>RCPT TO:<[email protected]>
      [000.747]<~~250 2.1.5 Ok
      [000.748] Recipient OK, E-mail address proofed
      [000.748]~~>QUIT
      [000.820]<~~221 2.0.0 Bye

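      We use self-signed certificates because our mail servers respond to and emulate thousands of different names, and this is the most effective way for us to handle that configuration. It does not interfere with the actual security of the messages: as the test output above reports, the email is still encrypted in transit, although the certificate and hostname are not verified.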

      We support end-to-end TLS: Internet ---> DuoCircle ---> Your Mail Server
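
Added example (not DuoCircle's or CheckTLS's code): a small Python helper that reads a CheckTLS-style transcript like the one above and reports whether the session was encrypted and whether the certificate was verified. The function name `assess`, the verdict labels and the `mx.example.test` counter-example are assumptions made for illustration; it matches only the message strings that appear in the transcript on this page.

```python
import re

# Excerpt of the CheckTLS transcript shown on this page.
SAMPLE = """\
[000.143]-->EHLO checktls.com
[000.239]<--250-inbound3.ore.mailhop.org
250-PIPELINING
250-STARTTLS
250 8BITMIME
[000.240]-->STARTTLS
[000.311]<--220 2.0.0 Ready to start TLS
[000.467] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.500] Cert NOT VALIDATED: self signed certificate
[000.500] Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
[000.574] TLS successfully started on this server
"""

# Constructed counter-example: a server that never advertises STARTTLS.
PLAINTEXT_ONLY = """\
[000.100]-->EHLO checktls.com
[000.200]<--250-mx.example.test
250-PIPELINING
250 8BITMIME
"""

def assess(transcript: str) -> dict:
    """Summarise one CheckTLS-style transcript (hypothetical helper)."""
    offered = bool(re.search(r"^[ \t]*250[- ]STARTTLS\b", transcript, re.M))
    accepted = bool(re.search(r"-->STARTTLS\s+\[[\d.]+\]<--220\b", transcript))
    cipher = re.search(r"Cipher in use:\s*(\S+)", transcript)
    chain_err = re.search(r"Cert NOT VALIDATED:\s*(.+)", transcript)
    host_err = re.search(r"Cert Hostname DOES NOT VERIFY \((\S+) != (\S+)\)", transcript)

    encrypted = offered and accepted and cipher is not None
    if not encrypted:
        verdict = "plaintext"  # message crosses this hop unencrypted
    elif chain_err or host_err:
        verdict = "encrypted-unauthenticated"  # encrypted, peer identity not proven
    else:
        verdict = "encrypted-no-cert-failure-reported"
    return {
        "starttls_offered": offered,
        "cipher": cipher.group(1) if cipher else None,
        "chain_error": chain_err.group(1).strip() if chain_err else None,
        "hostname_mismatch": host_err.groups() if host_err else None,
        "verdict": verdict,
    }

if __name__ == "__main__":
    for name, text in (("page sample", SAMPLE), ("no STARTTLS", PLAINTEXT_ONLY)):
        print(name, assess(text))
```

The patterns search the whole text rather than single lines, so the helper also accepts output where each timestamp sits on its own line above its message.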

      Enabling TLS on your account

      Log in to your account, select the service, and under the Manage Product settings click TLS Mode. We suggest setting it to enabled; however, for accounts created prior to January 2016 the setting is disabled by default. We suggest you update this to enhance your email privacy.

      All other modules, including phishing protection, will continue to work seamlessly.