
Enhancing mail flow security for Exchange Online


Editor’s note 7/7/2015:
This post was updated to clarify TLS connection requirements.

Protecting your incoming and outgoing emails is a top priority for us, which is why we are always working to improve mail flow encryption. With new security vulnerabilities constantly being uncovered, and communication privacy being in the spotlight now more than ever, we seek to upgrade our service to only use the most secure Transport Layer Security (TLS)-based encryption available. In the last year, we have made several improvements to our service, and your mail has never been more secure. You can find out more about how we use TLS to secure your emails by reading, “How Exchange Online uses TLS to secure email connections in Office 365.”

TLS 1.2 support added

Towards the end of last year, we rolled out support for TLS 1.2 and, as a result, we now offer the best-in-class industry encryption for email traveling to and from our service—as long as the other party also offers the same level of protection. TLS 1.2 connections now account for around 60 percent of all TLS connections to and from Exchange Online. All mail between our data centers is encrypted with TLS 1.2 using the most secure cipher suite we support.

This change also adds TLS 1.2 support for browsing to the Exchange Online Protection Admin site.

New cipher suite order

We also updated the cipher order, used by our servers to conduct TLS negotiations, to include more secure cipher suites and prioritize Perfect Forward Secrecy (PFS). Just over 75 percent of all inbound TLS connections and 50 percent of all outbound TLS connections are now protected by PFS. The new cipher suite order can be seen below.

Protocols         Cipher Suite                                  PFS  Cipher/Strength
TLS1.2            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384    Yes  AES/256
TLS1.2            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256    Yes  AES/128
TLS1.0|1.1|1.2    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384       Yes  AES/256
TLS1.0|1.1|1.2    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256       Yes  AES/128
TLS1.2            TLS_RSA_WITH_AES_256_CBC_SHA256               No   AES/256
TLS1.2            TLS_RSA_WITH_AES_128_CBC_SHA256               No   AES/128
TLS1.0|1.1|1.2    TLS_RSA_WITH_AES_256_CBC_SHA                  No   AES/256
TLS1.0|1.1|1.2    TLS_RSA_WITH_AES_128_CBC_SHA                  No   AES/128
TLS1.0|1.1|1.2    TLS_RSA_WITH_3DES_EDE_CBC_SHA                 No   3DES/192
TLS1.0|1.1|1.2    TLS_RSA_WITH_RC4_128_SHA                      No   RC4/128
TLS1.0|1.1|1.2    TLS_RSA_WITH_RC4_128_MD5                      No   RC4/128

The first four cipher suites provide PFS. For each pair of cipher suites, the stronger key strength is preferred. AES is preferred to 3DES and RC4, which are provided for legacy support but will be removed in the future.

SSL 3.0 support withdrawn

With the discovery of the POODLE attack, web browsers and websites have been quick to respond, and the demise of the protocol version has been sped up as a result. While mail flow is not exposed to the same level of risk, support for SSL 3.0 in our service was turned off to ensure that only the most secure versions of TLS are supported.

RC4 cipher support is being withdrawn

Starting in June, we will remove support for the two legacy RC4 cipher suites on our list as we push to remove support for weak ciphers. This will result in a minority of connections to servers that only support RC4-based ciphers falling back to unencrypted. For Forced TLS connections and SMTP Client Submission, where TLS is compulsory, these weak ciphers will no longer be negotiable, so connections that can only use them will fail. To avoid this happening, you will need to upgrade your servers to support AES ciphers.

Devices and applications such as multi-function printers that send mail will also be affected if they only support RC4. You will need to make sure that all your devices and applications have the latest firmware and software updates.
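To see how the cipher suite order above and the RC4 withdrawal interact, here is an added example (not Microsoft's code) that models server-preference negotiation against the listed order and reports whether a given client's offer would still connect once the RC4 suites are gone. The suite names and protocol versions are taken from the table; the client offers are constructed for illustration.

```python
# Added example, not part of the original post: model Exchange Online's
# published cipher suite preference order and check how a client's offer
# negotiates before and after the two RC4 suites are withdrawn.

# Server preference order exactly as listed in the post (Windows Schannel
# naming, where the _P256/_P384 suffix is the ECDHE curve). First is best.
SERVER_ORDER = [
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384", {"1.2"}),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256", {"1.2"}),
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384", {"1.0", "1.1", "1.2"}),
    ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256", {"1.0", "1.1", "1.2"}),
    ("TLS_RSA_WITH_AES_256_CBC_SHA256", {"1.2"}),
    ("TLS_RSA_WITH_AES_128_CBC_SHA256", {"1.2"}),
    ("TLS_RSA_WITH_AES_256_CBC_SHA", {"1.0", "1.1", "1.2"}),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", {"1.0", "1.1", "1.2"}),
    ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"1.0", "1.1", "1.2"}),
    ("TLS_RSA_WITH_RC4_128_SHA", {"1.0", "1.1", "1.2"}),
    ("TLS_RSA_WITH_RC4_128_MD5", {"1.0", "1.1", "1.2"}),
]

def is_pfs(suite):
    # Ephemeral ECDHE key exchange gives forward secrecy; static RSA does not.
    return suite.startswith("TLS_ECDHE_")

def negotiate(client_suites, version, rc4_withdrawn=False):
    """Server-preference negotiation: return the first suite in SERVER_ORDER
    that the client also offers and that is valid for the negotiated protocol
    version, or None when nothing is common (a Forced TLS connection fails)."""
    offered = set(client_suites)
    for suite, versions in SERVER_ORDER:
        if rc4_withdrawn and "RC4" in suite:
            continue  # suite removed from the server list
        if version in versions and suite in offered:
            return suite
    return None

def assess(client_suites, version):
    """Summarise the outcome for one client offer before and after RC4 removal."""
    before = negotiate(client_suites, version)
    after = negotiate(client_suites, version, rc4_withdrawn=True)
    return {
        "before": before,
        "after": after,
        "pfs": bool(after and is_pfs(after)),
        # True when the only common ground was RC4: Forced TLS would now fail.
        "breaks_after_rc4_removal": before is not None and after is None,
    }

if __name__ == "__main__":
    # Constructed sample: a legacy device that only speaks RC4 at TLS 1.0.
    print(assess(["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_RC4_128_MD5"], "1.0"))
```

Running it against a real offer list is left to the reader; the point is that any client whose overlap with the server list is RC4 only moves from "weakly encrypted" to "fails under Forced TLS" in June.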

—The Information Protection team
