Opportunistic and mandatory TLS
The ARgon for Email Server supports TLS in two forms: opportunistic and mandatory. You can globally enable opportunistic TLS, but you must configure mandatory TLS on connection profiles.
Tell me about...
Opportunistic TLS
With Opportunistic TLS enabled, the ARgon for Email Server automatically offers TLS when communicating with other SMTP servers, and it accepts TLS connections when requested.
If the other server completes the negotiation process, email is delivered or received using an encrypted connection.
On outbound, if the other server offers TLS but the TLS handshake fails, the ARgon for Email Server defers the request and attempts to deliver the message again after five minutes. If the TLS handshake fails on a second attempt, the ARgon for Email Server establishes an unencrypted connection.
If the other SMTP server does not support TLS, the ARgon for Email Server establishes an unencrypted connection.
Mandatory TLS
If Mandatory TLS has been configured for a connection profile, the ARgon for Email Server attempts to establish a TLS connection that meets the requirements specified in the connection.
If the other SMTP server does not offer TLS, the connection is not established and no email is delivered.
If the remote machine advertises TLS, but does not meet one of the requirements of the configured connections, no email is delivered.
For greater flexibility, you can vary the level of certificate validation you want to specify in the TLS connection profile.
What's the key difference between the two forms of TLS?
The key difference between the two forms is that, when using mandatory TLS, the ARgon for Email Server will not establish an unencrypted connection if either of the following happens:
- The other SMTP server does not support TLS.
- The TLS handshake fails.
When using opportunistic TLS, the ARgon for Email Server attempts to establish an encrypted connection but, on outbound, falls back to an unencrypted connection if the other SMTP server does not support TLS or if the TLS handshake fails on a second attempt.
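A pre-flight check you can run against a partner's mail server before moving it to a mandatory TLS connection profile, mapping what the server offers to the outbound behaviour described above. This is an added example, not part of the product or its documentation. The function names `probe` and `expected_outcome` are hypothetical. It assumes the profile requires a certificate that validates against the host name, and it treats a failed validating handshake as the "TLS handshake fails" case.

```python
import smtplib
import ssl
import sys


def probe(host, port=25, timeout=10):
    """Ask a live SMTP peer what it offers. Needs network access."""
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"offers_tls": False, "handshake_ok": False}
        try:
            # Default context validates the certificate chain and host name
            # (assumed requirement of the mandatory profile).
            smtp.starttls(context=ssl.create_default_context())
            return {"offers_tls": True, "handshake_ok": True}
        except (ssl.SSLError, smtplib.SMTPException):
            return {"offers_tls": True, "handshake_ok": False}
    finally:
        smtp.close()


def expected_outcome(mode, offers_tls, handshake_ok):
    """Map a probe result to the outbound behaviour the page describes."""
    if mode not in ("opportunistic", "mandatory"):
        raise ValueError(f"unknown mode: {mode}")
    if offers_tls and handshake_ok:
        return "encrypted"
    if mode == "mandatory":
        # Mandatory TLS never falls back to an unencrypted connection.
        return "not delivered"
    if not offers_tls:
        return "unencrypted"
    return "deferred 5 min, then unencrypted if the handshake fails again"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: tls_preflight.py <smtp-host>")
    host = sys.argv[1]
    result = probe(host)
    for mode in ("opportunistic", "mandatory"):
        print(f"{host} [{mode}]: {expected_outcome(mode, **result)}")
```

Any host that reports "not delivered" under mandatory would stop receiving mail once the profile is enforced, and any host that reports an unencrypted result under opportunistic is currently receiving mail in the clear.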
Copyright Help/Systems LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.