Connect Application: Setting Up TLS Policies

Document created by user.Yo2IBgvWqr Employee on Sep 20, 2017. Last modified by user.oxriBaJeN4 on Nov 27, 2017.
Version 18
This Connect Application task is currently only available for UK customers with access to the Early Access URL.

By default, we deliver messages using opportunistic Transport Layer Security (TLS). This guide describes how to use the Connect Application to optionally enforce TLS communication between your mail server and us, as well as between us and specified external domains. This ensures full end-to-end TLS communication between your internal server infrastructure and the external domains as shown below:


Transport Layer Security

We recommend adding external domains to ensure full end-to-end TLS communication. Ensure that any external domains you enter support Strict TLS. We support connections using TLS 1.0, 1.1, and 1.2 for AES-256, RC4, MD5, and AnonDHE.


Adding Transport Layer Security Policies

If you can't start this step, ensure the Connect Application: Preparing for Inbound Email task is completed. This task depends on it.

To add a Transport Layer Security policy:

  1. Click on the Optional | Set Up Your TLS Policies menu item.
  2. Click on the Start button. A page is displayed listing any current internal server routes.
  3. Click the Validate button to perform a check to ensure your inbound routes can support enforced TLS. A popup dialog is displayed.
  4. Enter an Internal Email Address.
  5. Click on the Test button. If any route doesn't support TLS, you can't proceed to the next step in the task.
    • A green tick confirms the route is validated in "Strict - Trusted Enforced" or "Relaxed Encryption Mode".
    • A red exclamation confirms the route is invalid with "TLS Not Supported".
    [Screenshot: Internal Server Routes]
    If all the routes are capable of enforced TLS, the server can have either a third-party or a self-signed certificate. If a third-party certificate is used, strict encryption mode is enforced. If a self-signed certificate is used, relaxed mode is enforced.
  6. Click on the Next button. All external domains are listed. 
  7. Click on the Add External Domains button. A popup box is displayed. 
  8. Enter all your External Domains, with each on a separate line.
    Up to 50 addresses can be added at any one time. If you have more than 50, repeat the process in batches of 50 or fewer.
  9. Click on the Continue button. The new domains are listed.
  10. Click on the Remove link to remove a domain that is invalid or already exists. These are shown with a red cross and an error message (e.g. "Duplicate Domain").
  11. Click on the Add button.
  12. Click on the Finish button.
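
A local pre-check for the route validation in step 5, as an added example that is not part of the original guide or the product's own code: it probes one of your own inbound SMTP routes and returns the label that step would be expected to show. The function names are hypothetical, and the mapping (trusted certificate gives strict, untrusted gives relaxed, no STARTTLS gives not supported) is an assumption based on the note under step 5; the guide does not document how the Validate button tests a route or whether it checks the host name.

```python
import smtplib
import ssl
import sys

# Labels as shown in step 5 of the guide; everything else here is hypothetical.
STRICT = "Strict - Trusted Enforced"
RELAXED = "Relaxed Encryption Mode"
UNSUPPORTED = "TLS Not Supported"

def _relaxed_context():
    """TLS context that encrypts but accepts any certificate (self-signed included)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def _try_starttls(host, port, context, smtp_factory, timeout):
    """True: handshake succeeded. False: handshake failed. None: STARTTLS not offered."""
    smtp = smtp_factory(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        try:
            smtp.starttls(context=context)
        except (ssl.SSLError, smtplib.SMTPException):
            return False
        return True
    finally:
        smtp.close()  # drop the socket without QUIT; the session may be half-negotiated

def classify_route(host, port=25, smtp_factory=smtplib.SMTP, timeout=10):
    """Map one inbound route to the label the validation step is assumed to report."""
    # First attempt: certificate must chain to a trusted CA and match the host name.
    result = _try_starttls(host, port, ssl.create_default_context(), smtp_factory, timeout)
    if result is None:
        return UNSUPPORTED
    if result:
        return STRICT
    # Second attempt on a fresh connection: encryption only, no certificate checks.
    if _try_starttls(host, port, _relaxed_context(), smtp_factory, timeout):
        return RELAXED
    return UNSUPPORTED

if __name__ == "__main__":
    # Pass your own inbound route host names as arguments; with none, nothing is probed.
    for route in sys.argv[1:]:
        print(route, "->", classify_route(route))
```

A route that reports relaxed mode here still encrypts the session but does not authenticate the server, so replacing a self-signed certificate with a trusted one is what moves it to strict mode.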


Removing Transport Layer Security Policies


To remove a transport layer security policy:

  1. Click on the Optional | Set Up Your TLS Policies menu item.
  2. Click on the Start button. Any existing TLS policies are displayed.
  3. Click on the Remove link to the right of the TLS policy to be removed.
  4. Click on the Finish button.