Forcing TLS, otherwise use email encryption

Question

Hi there, 
 As per the manual, you can set that when TLS is not available the message will be encrypted. 
 Is Sophos also checking if the certificate is valid? In the email appliance, you can separately choose both options. 
 
 You can select the following encryption options: 
 
 Send via TLS if available 
 TLS prevents eavesdropping and tampering with the message in transit. 
 Note If TLS is not available, the entire message will be encrypted as a PDF.

Keyur · Accepted Answer

Hi olofd Sophos Central Email does not check for the certificate. 
 Email Encryption 
 
 This feature is only available with an Email Advanced license. 
 The encryption type Sophos Email uses is push-based email encryption using AES 256. 
 To turn encryption on or off, go to Email Gateway > Settings > Encryption settings . 
 Note: Make sure TLS (Transport Layer Security) v1.2 is enabled on your email gateway before enabling encryption here, otherwise the connection with Sophos will break, and you will not be able to send or receive the email. The ciphers required are 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL'. For more information, see https://wiki.openssl.org/index.php/FIPS_mode_and_TLS . 
 
 You can select the following encryption options: 
 
 Send via TLS if available (If TLS v1.2 is enabled on your email gateway) 
 TLS prevents eavesdropping and tampering with the message in transit. 
 Note: If TLS is not available(Not enabled on your email gateway), the entire message will be encrypted as a PDF. 
 
 Encrypt entire message 
 The email and attachments are encrypted with a password. 
 The first time an encrypted email is sent to you, an email is sent from Sophos asking you to click on a link to set a Sophos Secure Message password. You need to do this within 30 days, otherwise, the email expires. When you click on the link, you are directed to Sophos Secure Message where you can set your password.
 Note The password can only be used for emails within the region that the original email came from. If you receive an email from another region, you need to set another password. 
 
 After setting the password, you receive an email from Sophos including the encrypted email and any encrypted attachments. To access them, open them and type in the password you created. 
 You can reply to encrypted emails securely by clicking Reply on the encrypted PDF. 
 
 Encrypt attachments only 
 The steps are the same as above, however, only attachments are encrypted.