This article outlines the supported environments framework for Mimecast end user applications and administrative portals, as well as Large File Send access key generation pages.
Browser Support Matrix
|Browser||Administration Console *||Connect Application||Mimecast Personal Portal||Secure Messaging||Large File Send||Targeted Threat Protection|
|Internet Explorer 9||✕||✕||✓||✓||✓||✓|
|Internet Explorer 10||✓||✓||✓||✓||✓||✓|
|Internet Explorer 11||✓||✓||✓||✓||✓||✓|
|Firefox v3 Onwards||✓||✓||✓||✓||✓||✓|
* Devices with a browser resolution lower than 768px are currently not supported. As an alternative, desktop mode may be used.
When accessing the Administration Console using Internet Explorer 10 or 11 the “Access data sources across domains” browser setting needs to be disabled. To check this, navigate to the browser options. On the Security tab you will find different zones. Locate the zone to which “https://*.mimecast.com” belongs and select “Custom level…”. You will find the setting under the “Miscellaneous” section.
In general, Internet Explorer support follows the Microsoft Lifecycle. We strongly encourage you to ensure your browser is supported by the vendor for the purposes of security assurance.
TLS and SSL Protocols
This section is intended as a reference to the protocols and cipher suites that Mimecast supports for access to the Mimecast web applications. It is not meant as a detailed explanation of the workings of TLS and SSL.
Mimecast web applications are accessed using Hypertext Transfer Protocol Secure (HTTPS). Technically HTTPS is not a protocol. It is the result of layering HTTP on top of Transport Layer Security (TLS) or Secure Sockets Layer (SSL), thereby adding the security of these protocols to cleartext HTTP communications. Using these cryptographic protocols does not guarantee the connection will be secure. As such Mimecast only supports certain protocol versions and ciphers.
The quality of the protection provided by SSL relies on the private key (the basis for the security) and the certificate (which conveys the identity of the server to its visitors). Mimecast uses an SSL certificate issued by Verisign, a reputable Certificate Authority (CA) that has a 2048-bit RSA key.
Mimecast no longer supports SSLv3 for inbound browser connections. Instead one of the following TLS versions should be used:
|TLS v1.0||Considered to be secure. There are no known major security weaknesses (provided it is properly implemented).|
|TLS v1.1 and 1.2||The most secure protocols that have no known security issues. However, many server and client systems do not currently support these protocols.|
TLS/SSL cipher suites enforce the actual security of the encrypted session. Mimecast supports several strong cipher suites with a minimum of 128 bits. This guarantees your secure connection cannot be decrypted if intercepted.
The following cipher suites are not supported:
|Cipher||Reason for Non-Support|
|Anonymous Diffie-Hellman (ADH) suites||It provides no authentication.|
|NULL cipher suites||It provides no encryption.|
|EXPORT cipher suites||It uses trivial encryption.|
|WEAK cipher suites||It typically uses less than 128 bit.|
|Rivest Cipher 4 (RC4)||It is insecure.|
Windows XP will generally use the RC4 cipher. Owing to the vulnerability of this operating system and cipher combination, Mimecast is unable to support such connections. Any connections using the RC4 cipher will be rejected by the Mimecast API. Mimecast strongly recommends that customers update their operating system and browsers to more recent secure versions in order to maintain their security.
Essential Settings for Internet Explorer
Internet Explorer users should ensure that the following settings are correct for their browser. To do this, open Internet Explorer then navigate to the relevant menu option from the Tools menu.
|Internet Explorer Settings||Navigate to||Comments|
|Compatibility Mode must be disabled|
Tools: Compatibility View Settings
For more information, view this related Microsoft support article.
|As Compatibility Mode is not supported, the Mimecast domains should be removed from the Websites Compatibility list.|
|Add the relevant website to the Trusted Sites in Internet Explorer||Tools: Internet Options | Security tab | Trusted Sites||Add the Login URLs to your Trusted Sites.|
|Check that the built-in security settings for the Trusted Sites are set no higher than Medium-high||Tools: Internet Options | Security tab | Trusted Sites ... Custom setting|
|Clear any Temporary Internet files, Cookies, and Browsing History, then restart IE|
Tools: Internet Options | General tab
For older versions of IE, this data can only be cleared while your browser isn't active (i.e. the browser must be closed). To clear this data, right-click on the IE icon and select Internet Options.
|Allow First-party and Third-party Cookies so that the browser accepts them||Tools: Internet Options | Privacy tab | Advanced|
|Enable the setting Play animations in webpages||Tools: Internet Options | Advanced tab | Multimedia section|