Securing your email with TLS
Transport Layer Security (TLS) is a cryptographic protocol that secures communication over a network: certificates authenticate the server, and the keys negotiated during the handshake encrypt the connection between computers. TLS is the successor of SSL (Secure Sockets Layer).
The simplest example is your banking website; TLS makes the difference between HTTP (unencrypted) and HTTPS (encrypted) traffic. Email works the same way: SMTP (Simple Mail Transfer Protocol) is the protocol, and there are extensions to SMTP that use TLS to encrypt the traffic.
TLS does not encrypt the email message itself. Rather, it encrypts the connection between the client and the server (or between two mail servers) while the message is in transit.
Currently, many legacy printers/services/devices are still using SMTP with no TLS or can be tricked into not using TLS. This unencrypted communication can be intercepted by any third party in between the sender and recipient, including malicious actors that can perform a “Man-in-the-Middle” attack.
Solutions to mitigate this are called security extensions, e.g. the well-known STARTTLS:
How Secure is SMTP TLS?
- There is no mandatory support for TLS in the email system;
- A receiver’s support of the SMTP TLS option can be trivially removed by an active man-in-the-middle because TLS certificates are not actively verified. In such cases, opportunistic TLS will deliver messages insecurely and forced TLS will not deliver the message.
- If any aspect of the TLS negotiation is undecipherable/garbled, then encryption is not used. It is very easy for a man-in-the-middle to inject garbage into the TLS handshake (which is done in clear text) and have the connection downgraded to plain text (opportunistic TLS) or have the connection fail (forced TLS).
- Even when SMTP TLS is offered and accepted, the certificate presented during the TLS handshake is usually not checked to see whether it is really for the expected domain and has not expired. Most MTAs offer self-signed certificates as a pro forma. Thus, in many cases one has an encrypted channel to an unauthenticated MTA, which can only prevent passive eavesdropping. Why accept this? Because it is still better than plain text email delivery.
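The four points above come down to two decisions an MTA makes: what to do when the peer's EHLO reply does not advertise STARTTLS (opportunistic versus forced TLS), and whether the certificate is actually verified once TLS is negotiated. The following Python script is an added example written for this page, not code from the article or from any of the referenced sources. It models both decisions in isolation: the EHLO replies are constructed samples, the `Policy`, `decide` and `tls_context` names are illustrative, and no network connection is made.

```python
# Added example (not from the article or its references): a small model of how
# an MTA decides whether to deliver when the peer's EHLO reply does or does not
# advertise STARTTLS, and how a TLS context is configured with or without
# certificate verification. All EHLO replies below are constructed samples.
import re
import ssl
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # use TLS if offered, otherwise plain text
    FORCED = "forced"                # require TLS; fail delivery without it


def ehlo_offers_starttls(ehlo_reply: str) -> bool:
    """True if a multi-line EHLO reply contains a well-formed STARTTLS line.

    Anything that does not match exactly (the line removed in transit, or
    garbled into e.g. '250-ST@RTTLS') is treated as 'TLS not offered',
    which is exactly the behaviour the article describes.
    """
    return any(
        re.fullmatch(r"250[- ]STARTTLS", line.strip(), re.IGNORECASE)
        for line in ehlo_reply.splitlines()
    )


def decide(ehlo_reply: str, policy: Policy) -> str:
    """Delivery outcome: 'deliver-tls', 'deliver-plain' or 'fail'."""
    if ehlo_offers_starttls(ehlo_reply):
        return "deliver-tls"
    if policy is Policy.OPPORTUNISTIC:
        return "deliver-plain"  # silent downgrade to clear text
    return "fail"               # forced TLS refuses to fall back


def tls_context(verify_certificate: bool) -> ssl.SSLContext:
    """Context for the STARTTLS handshake.

    verify_certificate=True checks the chain against the system CA store and
    the hostname; False is the common 'encrypt only' setup that accepts any
    (e.g. self-signed) certificate and stops only passive eavesdropping.
    """
    ctx = ssl.create_default_context()
    if not verify_certificate:
        ctx.check_hostname = False   # must be disabled before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_authenticates_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context would reject an unexpected or expired cert."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed EHLO replies (not captured from a real server).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello client\n"
    "250-SIZE 35882577\n"
    "250-STARTTLS\n"
    "250 ENHANCEDSTATUSCODES"
)
# The same reply with the capability line missing, as after an active
# man-in-the-middle has removed it.
EHLO_STRIPPED = (
    "250-mail.example.test Hello client\n"
    "250-SIZE 35882577\n"
    "250 ENHANCEDSTATUSCODES"
)
# The same reply with the capability line corrupted in transit.
EHLO_GARBLED = EHLO_WITH_STARTTLS.replace("250-STARTTLS", "250-ST@RTTLS")


if __name__ == "__main__":
    for name, reply in [("intact", EHLO_WITH_STARTTLS),
                        ("stripped", EHLO_STRIPPED),
                        ("garbled", EHLO_GARBLED)]:
        for policy in Policy:
            print(f"{name:9} {policy.value:14} -> {decide(reply, policy)}")
    print("verifying context authenticates peer:",
          context_authenticates_peer(tls_context(True)))
    print("encrypt-only context authenticates peer:",
          context_authenticates_peer(tls_context(False)))
```

Running the script prints a small table: the intact reply delivers over TLS under both policies, while the stripped and garbled replies deliver in plain text under opportunistic TLS and fail under forced TLS. The last two lines show that only the verifying context would reject a certificate for the wrong domain or an expired one; the encrypt-only context, which is what most MTAs effectively use with self-signed certificates, gives the encrypted-but-unauthenticated channel the last bullet describes.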
The Bottom Line
TLS is a security control that mitigates certain vulnerabilities and attacks. It is a good measure but not a magic bullet: even when implemented and used correctly, there are still plenty of other risks in using email to send sensitive information.
For further information and to request a risk assessment please contact us.
References and resources:
- LUXSCI – SMTP TLS: All About Secure Email Delivery Over TLS
- Wikipedia – Opportunistic TLS: Weaknesses and mitigations
- o365info – Opportunistic TLS versus Force TLS in Exchange based environment
- OWASP – Sensitive Data Exposure