Protecting your incoming and outgoing email is a top priority for us, which is why we are always working to improve mail flow encryption. With new security vulnerabilities constantly being uncovered, and communication privacy in the spotlight now more than ever, we are upgrading our service to use only the most secure Transport Layer Security (TLS)-based encryption available. Over the last year we have made several changes to the service, and your mail has never been more secure. You can find out more about how we use TLS to secure your email by reading “How Exchange Online uses TLS to secure email connections in Office 365.”
TLS 1.2 support added
Towards the end of last year, we rolled out support for TLS 1.2 and, as a result, we now offer best-in-class encryption for email traveling to and from our service, as long as the other party also supports TLS 1.2; otherwise the connection negotiates the highest version both sides share. TLS 1.2 connections now account for around 60% of all TLS connections to and from Exchange Online. All mail between our data centers is encrypted with TLS 1.2 using the most secure cipher suite we support.
This change also adds TLS 1.2 support for browsing to the Exchange Online Protection Admin site.
New cipher suite order
We also updated the cipher suite order that our servers use during TLS negotiation, to include more secure cipher suites and to prioritize Perfect Forward Secrecy (PFS), so that a later compromise of the server's private key does not expose previously captured traffic. Just over 75 percent of all inbound TLS connections and 50 percent of all outbound TLS connections are now protected by PFS. The new cipher suite order can be seen below.
The first four cipher suites provide PFS, since they use ephemeral Diffie-Hellman key exchange. Within each pair of otherwise identical suites, the stronger key length is preferred. AES is preferred to 3DES and RC4, which remain only for legacy support and will be removed in the future.
SSL 3.0 support withdrawn
With the discovery of the POODLE attack, web browsers and websites responded quickly, and the demise of SSL 3.0 has been sped up as a result. Mail flow is not exposed to the same level of risk, because POODLE depends on an attacker who can repeatedly make the client send chosen plaintext, which is a browser scenario rather than an SMTP one. Even so, support for SSL 3.0 in our service has been turned off so that only the more secure versions of TLS are supported, and a peer that can only speak SSL 3.0 no longer gets a TLS session at all.
RC4 cipher support is being withdrawn
Starting in June, we will remove support for the two legacy RC4 cipher suites on our list as part of our push to remove weak ciphers. A small minority of opportunistic TLS connections, to servers that only support RC4-based cipher suites, will fall back to unencrypted delivery. For Forced TLS connections and SMTP Client Submission, where TLS is compulsory, these weak cipher suites can no longer be negotiated, so a peer that offers nothing but RC4 will fail to connect rather than fall back. If you rely on Forced TLS with a partner, confirm before June that their server offers at least one AES or 3DES suite.
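As an added example that is not code from the original post or from Exchange Online, the following Python script applies the policy described in the cipher suite order and RC4 sections above to a real SMTP peer. It ranks cipher suite names the way the text describes (PFS first, then key length, AES over 3DES over RC4), builds a client TLS context that refuses SSL 3.0 and RC4, and performs EHLO/STARTTLS against a host to report what was negotiated, or fails the handshake the way a Forced TLS connection would. The OpenSSL cipher string POLICY_CIPHERS, the function names, and the 112-bit effective strength assigned to 3DES are my assumptions for illustration, not the service's actual configuration; the suite names in the usage example are constructed input.

```python
import re
import smtplib
import ssl
import sys

# Assumed OpenSSL cipher string mirroring the policy in the post: PFS (ECDHE/DHE)
# AES suites first, then non-PFS AES, then 3DES for legacy peers; RC4, NULL and
# MD5 suites are refused outright.  Not the service's real configuration.
POLICY_CIPHERS = "ECDHE+AES:DHE+AES:AES:3DES:!RC4:!aNULL:!eNULL:!MD5"


def cipher_rank(name):
    """Score a suite name (OpenSSL or IANA spelling) as (pfs, family, bits).

    Higher tuples are preferred: PFS before non-PFS, AES (2) over 3DES (1)
    over RC4 (0), and larger key length within a family.
    """
    n = name.upper().replace("-", "_")
    pfs = "DHE" in n                       # ECDHE_* and DHE_*: ephemeral key exchange
    if "RC4" in n:
        family, bits = 0, 128              # legacy stream cipher, being withdrawn
    elif "3DES" in n or "DES_CBC3" in n:
        family, bits = 1, 112              # 3DES: 168-bit key, ~112-bit effective (assumed)
    elif "AES" in n:
        m = re.search(r"AES_?(\d{3})", n)
        family = 2
        bits = int(m.group(1)) if m else 0
    else:
        family, bits = -1, 0               # anything else is outside the policy
    return (pfs, family, bits)


def order_by_policy(names):
    """Return the suites in policy preference order, strongest first."""
    return sorted(names, key=cipher_rank, reverse=True)


def is_permitted(name):
    """False for the RC4 suites being withdrawn; True for everything the policy keeps."""
    return "RC4" not in name.upper()


def policy_context(minimum=ssl.TLSVersion.TLSv1):
    """Client context that refuses SSL 3.0 (POODLE) and RC4, preferring PFS AES suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = minimum          # SSL 3.0 is below this bound and is never offered
    ctx.set_ciphers(POLICY_CIPHERS)
    return ctx


def probe_starttls(host, port=25, timeout=10, verify=True):
    """EHLO, STARTTLS with the policy context, and report what was negotiated.

    Returns None when the peer offers no STARTTLS at all (mail would flow in the
    clear).  A handshake failure, e.g. a peer that only speaks SSL 3.0 or RC4,
    raises ssl.SSLError, which is exactly what a Forced TLS connection would hit.
    """
    ctx = policy_context()
    if not verify:                         # opportunistic TLS: encrypt even with an untrusted cert
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)
        smtp.ehlo()                        # RFC 3207: re-issue EHLO once the channel is encrypted
        name, _proto, bits = smtp.sock.cipher()
        return {"protocol": smtp.sock.version(), "cipher": name, "bits": bits,
                "pfs": cipher_rank(name)[0], "permitted": is_permitted(name)}


if __name__ == "__main__":
    # Constructed sample: what a peer might advertise, sorted by the post's policy.
    sample = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384",
              "DES-CBC3-SHA", "DHE-RSA-AES128-SHA"]
    for suite in order_by_policy(sample):
        print(f"{suite:32} rank={cipher_rank(suite)} permitted={is_permitted(suite)}")
    if len(sys.argv) > 1:                  # python probe.py mx.example.com [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
        print(probe_starttls(sys.argv[1], port, verify=False))
```

Run it with no arguments to see the ranking of the constructed sample; pass a host (and optionally a port) to probe a live server. A result of None means the peer never offered STARTTLS, a dict with "permitted": False means it negotiated a suite the policy is about to drop, and an ssl.SSLError during the handshake is the failure a Forced TLS partner will see after June if it supports only RC4 or SSL 3.0.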