
Forcing TLS, otherwise use email encryption

Hi there,

As per the manual, you can set that when TLS is not available the message will be encrypted.

Is Sophos also checking if the certificate is valid? In the email appliance, you can separately choose both options.


You can select the following encryption options:

  • Send via TLS if available

    TLS prevents eavesdropping and tampering with the message in transit.

    Note: If TLS is not available, the entire message will be encrypted as a PDF.



Added tags
[edited by: Raphael Alganes at 8:30 AM (GMT -7) on 16 May 2023]
  • Hi  

    Sophos Central Email does not check for the certificate.

    Email Encryption

    This feature is only available with an Email Advanced license.

    The encryption type Sophos Email uses is push-based email encryption using AES 256.

    To turn encryption on or off, go to Email Gateway > Settings > Encryption settings.

    Note: Make sure TLS (Transport Layer Security) v1.2 is enabled on your email gateway before enabling encryption here, otherwise the connection with Sophos will break, and you will not be able to send or receive the email. The ciphers required are 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL'. For more information, see https://wiki.openssl.org/index.php/FIPS_mode_and_TLS.

    • You can select the following encryption options:

      • Send via TLS if available (If TLS v1.2 is enabled on your email gateway)

        TLS prevents eavesdropping and tampering with the message in transit.

        Note: If TLS is not available (not enabled on your email gateway), the entire message will be encrypted as a PDF.

      • Encrypt entire message

        The email and attachments are encrypted with a password.

        The first time an encrypted email is sent to you, an email is sent from Sophos asking you to click on a link to set a Sophos Secure Message password. You need to do this within 30 days, otherwise, the email expires. When you click on the link, you are directed to Sophos Secure Message where you can set your password.
        Note: The password can only be used for emails within the region that the original email came from. If you receive an email from another region, you need to set another password.

        After setting the password, you receive an email from Sophos including the encrypted email and any encrypted attachments. To access them, open them and type in the password you created.

        You can reply to encrypted emails securely by clicking Reply on the encrypted PDF.

      • Encrypt attachments only

        The steps are the same as above, however, only attachments are encrypted.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
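
An added example, not part of the thread and not Sophos code: because the reply says the certificate is not checked, an administrator can audit a recipient's MX independently for STARTTLS, TLS v1.2 or later, and a certificate that validates. The host names and sample observations are constructed; `probe()` needs outbound access to port 25 and is not called by the sample run.

```python
import smtplib
import ssl

def probe(mx_host, port=25, timeout=10):
    """Live check of one MX: returns (starttls_offered, tls_version, cert_error)."""
    ctx = ssl.create_default_context()            # validates chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # TLS v1.2 is the version the reply names
    smtp = smtplib.SMTP(mx_host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return (False, None, None)
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError as exc:
            return (True, None, exc.verify_message)
        except ssl.SSLError:
            return (True, None, None)             # offered, but the handshake failed
        return (True, smtp.sock.version(), None)
    finally:
        smtp.close()

NOTES = {
    "no-tls": "TLS not available: per the page, the message goes out as an encrypted PDF",
    "tls-failed": "STARTTLS offered but no TLS v1.2+ session could be negotiated",
    "tls-unverified": "certificate fails validation (chain or hostname)",
    "tls-verified": "TLS v1.2+ with a certificate that validates for this host",
}

def classify(starttls_offered, tls_version, cert_error):
    if not starttls_offered:
        return "no-tls"
    if cert_error:
        return "tls-unverified"
    return "tls-verified" if tls_version else "tls-failed"

def audit(observations):
    verdicts = {h: classify(*o) for h, o in observations.items()}
    return {h: (v, NOTES[v]) for h, v in verdicts.items()}

SAMPLE = {  # constructed observations (hypothetical hosts), shaped like probe() output
    "mx1.example.test": (True, "TLSv1.3", None),
    "mx2.example.test": (True, None, "self-signed certificate"),
    "mx3.example.test": (False, None, None),
}

if __name__ == "__main__":
    for host, (verdict, note) in audit(SAMPLE).items():
        print(f"{host}: {verdict} ({note})")
```

To audit real recipients, build the dictionary with `{host: probe(host) for host in mx_hosts}` and pass it to `audit()`.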
