Can't access mail server with SSLV3 and TLS1.0 disabled

I run an ecommerce website that requires PCI compliance. My PCI scanner is telling me that I need to disable SSLv3 and TLS 1.0 to maintain compliance. However, when I do that, neither my Mac Mail client nor my iPhone is able to connect to the mail server. I am assuming that means that they're using the out-of-date protocol that has been disabled. I'm scratching my head as to why the latest patched OS (Mavericks & iOS 8.3) are unable to upgrade the protocol beyond those outdated and insecure ones. I'm using IMAP port 993 in SSL and SMTP on secure port 465. Is there anything I can do to get my devices syncing with my mail server short of making the server non-compliant with PCI?

MacBook Pro (Retina, 15-inch, Mid 2014), OS X Mavericks (10.9.5)

Posted on May 15, 2015 9:44 AM


May 29, 2015 1:52 AM in response to kenjakw

I have just discovered this issue today as well.


Using Kerio Connect, I disabled TLS v1.0 and all my Apple Mail clients (all the way to Yosemite) dropped off. They were configured to use IMAPS on port 993 with SSL on, etc.


I could not find a way to get them to connect so had to re-enable TLS 1.0.


May 29, 2015 9:36 AM in response to kenjakw

I discovered this on April 30th when I disabled TLSv1.0 for IMAP and SMTP connections on our mail server. It broke all mail connectivity from our iPhones (8.3 12F70). I confirmed via our mail server logs that iOS uses TLSv1.0 for connections to both IMAP and SMTP. I also confirmed that Safari on the iPhone uses TLSv1.2 by visiting https://www.ssllabs.com/ssltest/viewMyClient.html. It also supports SSL 3 and TLS 1.0, both of which are considered insecure.


I disabled TLSv1.0 for all services except IMAP and SMTP. Since you only have to pass the PCI scan once every three months, I have a little more time before I have to disable TLSv1.0 for IMAP and SMTP or become non-compliant.


Apple needs to fix this now or they are going to have a major issue on their hands.

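The log check described in the post above (confirming which TLS version each client actually negotiates) can be scripted before TLS 1.0 is switched off. This is an added example, not part of the original thread; it assumes Postfix-style "TLS connection established" log lines, and the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style Postfix writes with smtpd_tls_loglevel = 1.
# Hostnames and addresses are placeholders (RFC 5737 documentation range).
SAMPLE_LOG = """\
May 29 09:12:01 mx postfix/smtpd[2101]: connect from iphone.example[192.0.2.10]
May 29 09:12:01 mx postfix/smtpd[2101]: Anonymous TLS connection established from iphone.example[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
May 29 09:14:40 mx postfix/smtpd[2107]: Anonymous TLS connection established from desktop.example[192.0.2.20]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 29 09:20:13 mx postfix/smtpd[2113]: Anonymous TLS connection established from iphone.example[192.0.2.10]: TLSv1 with cipher AES128-SHA (128/128 bits)
May 29 09:31:55 mx postfix/smtpd[2120]: Anonymous TLS connection established from shared.example[192.0.2.30]: TLSv1 with cipher AES256-SHA (256/256 bits)
May 29 09:33:02 mx postfix/smtpd[2124]: Anonymous TLS connection established from shared.example[192.0.2.30]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
"""

TLS_LINE = re.compile(
    r"TLS connection established from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)"
)

# Protocols the PCI scan in this thread flags. OpenSSL-based servers log
# TLS 1.0 as "TLSv1"; newer versions carry a minor number ("TLSv1.2").
LEGACY = {"SSLv3", "TLSv1"}


def protocols_by_client(log_text):
    """Map client IP -> Counter of protocol versions it negotiated."""
    seen = defaultdict(Counter)
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if m:  # lines without a TLS handshake record are skipped
            seen[m["ip"]][m["proto"]] += 1
    return seen


def legacy_only_clients(seen):
    """Clients never seen negotiating anything newer than a flagged protocol.

    While the server still offers newer versions, a handshake that settles
    on TLSv1 means the client did not offer anything higher, so these are
    the clients expected to lose mail access once TLS 1.0 is disabled.
    """
    return sorted(ip for ip, protos in seen.items() if set(protos) <= LEGACY)


if __name__ == "__main__":
    clients = protocols_by_client(SAMPLE_LOG)
    for ip in legacy_only_clients(clients):
        print(ip, dict(clients[ip]))
```

Run against a few weeks of real logs, the resulting list shows which devices need a client-side fix or an exception before the protocol change goes live.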

May 29, 2015 10:30 AM in response to mwf01

Send Apple feedback. They won't answer, but at least will know there is a problem. If enough people send feedback, it may get the problem solved sooner.


Feedback


Or you can use your Apple ID to register with this site and go to the Apple BugReporter. Supposedly you will get an answer if you submit feedback.


Feedback via Apple Developer

