All Collections
Announcements
2022
End of support for TLS 1.0 and 1.1 on our SMTP infrastructure
End of support for TLS 1.0 and 1.1 on our SMTP infrastructure
Gareth Burroughes avatar
Written by Gareth Burroughes
Updated over a week ago

On 12 October 2022, we'll remove support for TLS 1.0 and 1.1 on our SMTP infrastructure. This change is part of our security enhancement strategy and continuation of the work we've started in recent years. To read more about our security upgrade plans, check out our blog.

We'll be approaching this change in two distinct parts:

Part one: Temporary 'brownout'

We want to help customers identify if they'll be impacted by this change. With that in mind, we'll temporarily remove support for TLS 1.0 and 1.1 for two hours on 10 August 2022 at 13:00 UTC.

Local times for the two-hour ‘brownout’:

  • 14:00 - 16:00 BST (London)

  • 09:00 - 11:00 EST (New York)

  • 06:00 - 08:00 PST (San Francisco)

  • 23:00 (Wed 10th August) - 01:00 (Thur 11th August) AEDT (Sydney)

During this time, any systems unable to support TLS 1.2 will fail to connect, and emails will not be relayed using our SMTP.

Part two: Complete retirement

On 12 October 2022 at 06:30 UTC, we'll permanently switch off support for TLS versions 1.0 and 1.1. Only TLS 1.2 (or higher) will be accepted from this point onwards. TLS 1.0 and 1.1 will no longer be able to connect.

Local times are for complete retirement:

  • 07:30 BST (London)

  • 02:30 EST (New York)

  • 23:30 PST (San Francisco)

  • 16:30 AEDT (Sydney)

How do I know if I'm affected?

The two-hour 'brownout' on 10 August 2022 will help you identify if you're affected. This will give you plenty of time to make the required changes before the complete retirement on 12 October 2022.

You'll be affected if you use our transactional email feature AND your server or software environments aren't configured to use TLS 1.2.

Additional information for Magento users

In general, if all 3 of these statements are true for your situation, we believe this will impact you:

  • You're using Magento 1 or Magento 2 (prior to version 2.2.10)

  • You're using Transactional Emails

  • You haven't updated your Zend SMTP class to use TLS 1.2.

During the brownout or after the complete retirement, you may see messages like this in your error log:

error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure in /var/www/website/vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php on line 206

This indicates you're affected and need to make changes.

I'm running an old version of Magento; what changes do I need to make?

The required change to upgrade to TLS 1.2 on Magento 1 and Magento 2 is relatively straightforward and involves a single file. Only the file path varies from Magento 1 to Magento 2.

You’ll need to manually update line 206 of the Zend SMTP class, located at:

Magento 1:
<magento-root>/lib/Zend/Mail/Protocol/Smtp.php

Magento 2:
<magento-root>/vendor/magento/zendframework1/library/Zend/Mail/Protocol/Smtp.php

Here, you'll need to change STREAM_CRYPTO_METHOD_TLS_CLIENT to STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT

WVBZzgDg.png

Need help?

If you're unsure whether this change will impact you or how to make the necessary changes, you can contact us or email our team at support@dotdigital.com.

Did this answer your question?