Updating Existing Email Connections to use SSL

Knowledgebase Article

Updating Existing Email Connections to use SSL

We are transitioning to exclusively secure connections, which is a crucial step to ensure that your emails and personal information remain safe and private. This means that any currently used insecure connections for email, such as those not using SSL/TLS, will no longer be supported. Additionally, for those already using secure connections, it's important that your email client can support the use of TLS 1.2, as we will no longer support older versions like TLS 1.0 and 1.1.

Moving Away from Insecure Connections:

Using an insecure connection for emails is like sending a letter without an envelope – anyone who comes across it can read your information. To protect your privacy, we are now requiring that all connections be secure. This means using a 'digital envelope' (SSL/TLS) for your emails, ensuring that only the intended recipient can read them.

Why TLS 1.2 is Required:

Within the realm of secure connections, we are specifying the use of TLS 1.2. This is because older versions, like TLS 1.0 and 1.1, are like old locks that are easier for cyber attackers to break into. TLS 1.2 is a much stronger lock, offering better protection with stronger encryption and more secure methods of communication. It’s the minimum standard needed to keep your communications safe in today’s digital world.

This tutorial is designed to assist you in understanding these changes and updating your email client settings accordingly to enhance security and comply with our new requirements. This guide will also provide specific help for those using older devices, ensuring you can smoothly transition to these more secure methods of communication.

Important Considerations for TLS 1.2 Support

Operating System Support

While most modern operating systems and devices support TLS 1.2, some customers may be using outdated operating systems or devices that are not compatible with this encryption standard. If you're confident that you're using a modern OS, you can proceed to the next section. However, if you're unsure or know that your system might be outdated, please read on to understand how this change might impact you and to explore possible workarounds.

Windows: Windows 7 and later support TLS 1.2. However, Windows 7 and 8 may require manual enabling of TLS 1.2. Note that these versions of Windows are no longer receiving security updates, posing additional risks. For guidance on enabling TLS 1.2, please refer to this how-to article. Upgrading to a more recent version of Windows is advisable for better security.
macOS: macOS X 10.9 (Mavericks) and later versions support TLS 1.2. Older versions are vulnerable to various security threats and lack TLS 1.2 support.
iOS: iOS 5 and later versions support TLS 1.2. Older iOS versions can expose users to security vulnerabilities.
Android: Android 5.0 (Lollipop) and later versions natively support TLS 1.2. Older versions lack this support and may be vulnerable to security risks.

The Need for Upgrading or Replacing Devices
Using operating systems and devices that do not support TLS 1.2 is becoming increasingly problematic. The internet is widely transitioning to require TLS 1.2, meaning that failure to update will likely result in problems accessing a large number of websites and online services in the near future. Upgrading or replacing your device is strongly recommended.

Alternatives: Webmail and Mozilla Thunderbird
If upgrading your operating system or device is not feasible, consider these alternatives:

Webmail: Webmail runs in a browser and relies on the browser's security protocols, which are generally up-to-date. This can be a temporary solution while planning for an upgrade.
Mozilla Thunderbird: As an email client, Thunderbird includes its own security protocols, including TLS 1.2, independent of your operating system. This makes it a suitable alternative for those using older systems.

While the workarounds mentioned should allow continued email access on older devices for now, it's crucial to start planning to upgrade or replace these devices. This is not a Kualo-specific issue but a broader internet security trend. As more websites and online services adopt TLS 1.2 and higher for enhanced security, older devices that do not support these protocols will increasingly encounter difficulties accessing a large portion of the internet. This transition is essential for maintaining secure and reliable online interactions in the coming years.

Steps for Updating Email Settings

If you're on a modern operating system that supports TLS 1.2, then you will only need to update your existing email connection settings to use SSL. This guide assumes you already have your email account set up on your device and is designed to explain how to update your existing settings from insecure to secure connections.

To do this, we will need to adjust a number of settings to tell the email client that you're using secure connections, and to update ports. We also need to ensure that your outbound email connection is not only using the secure connection, but also configured to use password authentication.

Typically, you won't need to change the hostname that you use to connect to, we're only updating port settings. This will typically (and ideally) be mail.yourdomain.com but it may be something like servername.ldn.kualo.net. However there may be rare cases where a secure certificate hasn't been issued for your domain.

If you run into any problems after changing to a secure connection, double check that you have the hostname specified in your cPanel by following this article.

This process to change to secure connections primarily involves three key steps:

Checking Your Current Settings: Begin by identifying your current email client settings, particularly the type of account you're using (IMAP or POP) and your current SMTP settings.
Updating to Secure Ports: Modify your email client settings to use the designated secure ports for IMAP, POP, and SMTP. This ensures that your email transmissions are encrypted and secure.
Enabling Authentication for SMTP: Make sure that your SMTP (outgoing mail server) settings include password authentication. This step is crucial for securing your outgoing emails.

Note, if you are setting up Authentication for SMTP for the first time, you may be prompted to provide your email address username and password. If you don't know what this is, you may reset this from cPanel.

Steps for Common Email Clients

Each email client has its own set of steps for making these changes, which we've detailed below for the most commonly used clients. Remember, securing your email is not just about protecting your privacy, but also ensuring that your communications remain uninterrupted and compliant with the latest security standards.