MAX MailProtection TLS Encryption and DH Key Length

Some sending mail servers are now requiring more stringent parameters (specifically, a longer Diffie-Hellman key length) to successfully negotiate TLS connections than in the past, to deliver encrypted messages.   The result is that a small number of sending servers that are configured to communicate solely encrypted messages via TLS, and that will not deliver to MTAs without the longer DH keys, may be unable to deliver mail to our systems and will generate bounce messages for the senders.  We are in the process of upgrading our mail handling systems across our data centers to support the longer key length;  our current expectation is that this will be complete in the next 5 to 10 days.   Our goal is to complete the deployment as quickly as we can, while mitigating risk as we update all of our operational mail handling systems.  We appreciate your patience as we work on this update.


This entry was posted in Mail Assure. Bookmark the permalink.