On 12 October 2022, we'll remove support for TLS 1.0 and 1.1 on our SMTP infrastructure. This change is part of our security enhancement strategy and a continuation of the work we've started in recent years. To read more about our security upgrade plans, check out our blog.
We'll be approaching this change in two distinct parts:
Part one: Temporary 'brownout'
We want to help customers identify if they'll be impacted by this change. With that in mind, we'll temporarily remove support for TLS 1.0 and 1.1 for two hours on 10 August 2022 at 13:00 UTC.
Local times for the two-hour ‘brownout’:
14:00 - 16:00 BST (London)
09:00 - 11:00 EST (New York)
06:00 - 08:00 PST (San Francisco)
23:00 (Wed 10th August) - 01:00 (Thur 11th August) AEDT (Sydney)
During this time, any systems unable to support TLS 1.2 will fail to connect, and emails will not be relayed using our SMTP.
Part two: Complete retirement
On 12 October 2022 at 06:30 UTC, we'll permanently switch off support for TLS versions 1.0 and 1.1. Only TLS 1.2 (or higher) will be accepted from this point onwards. Clients using TLS 1.0 or 1.1 will no longer be able to connect.
Local times for the complete retirement:
07:30 BST (London)
02:30 EST (New York)
23:30 PST (San Francisco)
16:30 AEDT (Sydney)
How do I know if I'm affected?
The two-hour 'brownout' on 10 August 2022 will help you identify if you're affected. This will give you plenty of time to make the required changes before the complete retirement on 12 October 2022.
You'll be affected if you use our transactional email feature AND your server or software environments aren't configured to use TLS 1.2.
Additional information for Magento users
In general, if all 3 of these statements are true for your situation, we believe this will impact you:
You're using Magento 1 or Magento 2 (prior to version 2.2.10)
You're using Transactional Emails
You haven't updated your Zend SMTP class to use TLS 1.2.
During the brownout or after the complete retirement, you may see messages like this in your error log:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure in /var/www/website/vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php on line 206
This indicates you're affected and need to make changes.
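To check an error log against the schedule above, the following added example (not part of the original announcement or of Magento) finds the handshake-failure message and labels each occurrence as falling in the brownout, after the retirement, or outside both. The `[DD-Mon-YYYY HH:MM:SS UTC]` timestamp prefix is an assumption about your log format, the sample timestamps are constructed, and `classify`, `find_tls_failures` and `affected` are names chosen here.

```python
import re
from datetime import datetime, timezone

# Dates from the announcement: two-hour brownout, then permanent retirement.
BROWNOUT_START = datetime(2022, 8, 10, 13, 0, tzinfo=timezone.utc)
BROWNOUT_END = datetime(2022, 8, 10, 15, 0, tzinfo=timezone.utc)
RETIREMENT = datetime(2022, 10, 12, 6, 30, tzinfo=timezone.utc)

# Assumed layout: "[10-Aug-2022 13:05:12 UTC] message" (PHP error_log style).
LINE_RE = re.compile(r"^\[(\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) UTC\] (.*)$")
# The OpenSSL error quoted in the announcement, raised from the Zend SMTP class.
FAILURE_RE = re.compile(
    r"error:14094410:.*alert handshake failure in (\S*Zend/Mail/Protocol/Smtp\.php)")

def classify(ts):
    """Map a failure time to the announcement's schedule."""
    if BROWNOUT_START <= ts < BROWNOUT_END:
        return "brownout"
    if ts >= RETIREMENT:
        return "retirement"
    return "other"  # outside both periods: look for a different cause

def find_tls_failures(lines):
    """Return (timestamp, period, path) for each handshake-failure line."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        f = FAILURE_RE.search(m.group(2)) if m else None
        if not f:
            continue  # unrelated entry, or no parseable UTC timestamp
        ts = datetime.strptime(m.group(1), "%d-%b-%Y %H:%M:%S").replace(tzinfo=timezone.utc)
        hits.append((ts, classify(ts), f.group(1)))
    return hits

def affected(lines):
    """True if any failure lines up with the brownout or the retirement."""
    return any(period != "other" for _, period, _ in find_tls_failures(lines))

# Constructed sample log: timestamps are invented, ERR is the message shown above.
ERR = ("error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure in /var/www/"
       "website/vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php on line 206")
SAMPLE_LOG = [
    "[09-Aug-2022 03:10:00 UTC] " + ERR,
    "[10-Aug-2022 13:05:12 UTC] " + ERR,
    "[10-Aug-2022 13:06:00 UTC] PHP Notice:  Undefined index: sku",
    "[12-Oct-2022 06:31:40 UTC] " + ERR,
]

if __name__ == "__main__":
    print([(t.isoformat(), p) for t, p, _ in find_tls_failures(SAMPLE_LOG)])
```

If your log records local time instead of UTC, convert the timestamps before comparing them with the windows.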
I'm running an old version of Magento; what changes do I need to make?
The required change to upgrade to TLS 1.2 on Magento 1 and Magento 2 is relatively straightforward and involves a single file. Only the file path varies from Magento 1 to Magento 2.
You’ll need to manually update line 206 of the Zend SMTP class, located at:
Here, you'll need to change STREAM_CRYPTO_METHOD_TLS_CLIENT to STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT.