Mimecast Browser Support Matrix

Document created by user.oxriBaJeN4 Employee on Sep 16, 2015Last modified by user.oxriBaJeN4 Employee on Oct 6, 2017
Version 19Show Document
  • View in full screen mode

This article outlines the supported environments framework for Mimecast end user applications and administrative portals, as well as Large File Send access key generation pages.

 

Browser Support Matrix

 

Browser
Administration Console *
Connect Application
Mimecast Personal Portal
Secure MessagingLarge File Send
Targeted Threat Protection
Internet Explorer 11
Edge
Chrome
Safari
Firefox v3 Onwards

 

* Devices with a browser resolution lower than 768px are currently not supported. As an alternative, desktop mode may be used.

When accessing the Administration Console using Internet Explorer 10 or 11 the “Access data sources across domains” browser setting needs to be disabled. To check this, navigate to the browser options. On the Security tab you will find different zones. Locate the zone to which “https://*.mimecast.com” belongs and select “Custom level…”. You will find the setting under the “Miscellaneous” section.

In general, Internet Explorer support follows the Microsoft Lifecycle. We strongly encourage you to ensure your browser is supported by the vendor for the purposes of security assurance.

TLS and SSL Protocols

This section is intended as a reference to the protocols and cipher suites that Mimecast supports for access to the Mimecast web applications. It is not meant as a detailed explanation of the workings of TLS and SSL.

Mimecast web applications are accessed using Hypertext Transfer Protocol Secure (HTTPS). Technically HTTPS is not a protocol. It is the result of layering HTTP on top of Transport Layer Security (TLS) or Secure Sockets Layer (SSL), thereby adding the security of these protocols to cleartext HTTP communications. Using these cryptographic protocols does not guarantee the connection will be secure. As such Mimecast only supports certain protocol versions and ciphers.

 

The quality of the protection provided by SSL relies on the private key (the basis for the security) and the certificate (which conveys the identity of the server to its visitors). Mimecast uses an SSL certificate issued by Verisign, a reputable Certificate Authority (CA) that has a 2048-bit RSA key.

 

Mimecast no longer supports SSLv3 for inbound browser connections. Instead one of the following TLS versions should be used:

 

ProtocolDescription
TLS v1.0Considered to be secure. There are no known major security weaknesses (provided it is properly implemented).
TLS v1.1 and 1.2The most secure protocols that have no known security issues. However, many server and client systems do not currently support these protocols.

 

Cipher Suites

 

TLS/SSL cipher suites enforce the actual security of the encrypted session. Mimecast supports several strong cipher suites with a minimum of 128 bits. This guarantees your secure connection cannot be decrypted if intercepted.

 

The following cipher suites are not supported:

 

CipherReason for Non-Support
Anonymous Diffie-Hellman (ADH) suitesIt provides no authentication.
NULL cipher suitesIt provides no encryption.
EXPORT cipher suitesIt uses trivial encryption.
WEAK cipher suitesIt typically uses less than 128 bit.
Rivest Cipher 4 (RC4)It is insecure.

Windows XP will generally use the RC4 cipher. Owing to the vulnerability of this operating system and cipher combination, Mimecast is unable to support such connections. Any connections using the RC4 cipher will be rejected by the Mimecast API. Mimecast strongly recommends that customers update their operating system and browsers to more recent secure versions in order to maintain their security.

Essential Settings for Internet Explorer

 

Internet Explorer users should ensure that the following settings are correct for their browser. To do this, open Internet Explorer then navigate to the relevant menu option from the Tools menu.

 

Internet Explorer SettingsNavigate toComments
Compatibility Mode must be disabled

Tools: Compatibility View Settings

For more information, view this related Microsoft support article.

As Compatibility Mode is not supported, the Mimecast domains should be removed from the Websites Compatibility list.
Add the relevant  website to the Trusted Sites in Internet ExplorerTools: Internet Options | Security tab | Trusted SitesAdd the Login URLs to your Trusted Sites.
Check that the built-in security settings for the Trusted Sites are set no higher than Medium-highTools: Internet Options | Security tab | Trusted Sites ... Custom setting
Clear any Temporary Internet files, Cookies, and Browsing History, then restart IE

Tools: Internet Options | General tab

For older versions of IE, this data can only be cleared while your browser isn't active (i.e. the browser must be closed). To clear this data, right-click on the IE icon and select Internet Options.

Allow First-party and Third-party Cookies so that the browser accepts themTools: Internet Options | Privacy tab | Advanced
Enable the setting Play animations in webpagesTools: Internet Options | Advanced tab | Multimedia section
Ensure that Javascript execution is allowedTools: Internet Options | Security tab | Trusted Sites ... Custom settingBy default, adding the URL to your Trusted Sites will automatically enable Active Scripting.
3 people found this helpful

Attachments

    Outcomes