TLS 1.2 ?

  • sandmanmac
    Field Supervisor

    Site Contributor
    2,500+ Posts
    • Feb 2009
    • 3963

    #1

    [Misc] TLS 1.2 ?

    Hello all.
    Just looking for a little lay person clarification/explanation here, please.

    I have little to no trouble setting up my devices for scan to email.
    I have a handful of smaller clients that I simply use the mail server from my own company. I have a variety of reasons that I do that on occasion that aren't important.
    Today I had a couple of calls come in reporting that their scanning had failed - both are configured with my mail server. It didn't seem to be a coincidence.
    I got back to my office and was also unable to scan on any of the machines I have there either.
    I assumed it was just a temporary mail server issue on the other end, but upon a little further testing, I realized that I could scan to email via Port 587 (unencrypted) on that same server.
    I contacted technical support at my hosting company, and was advised that they have apparently discontinued support on their servers for TLS 1.0 and 1.1 and that this will cause a problem for certain older devices, etc.

    I don't think that should be the case for any of the models I'm having (known) issues with. Such as, MP501, MP C306, MP C401, MP C3503.
    I can confirm that the MP501 and C406 have the most updated F/W as they are in my office, the others may be slightly outdated.

    So, I'm wondering if there are additional steps that need to be taken when only TLS 1.2 is available? Like a device certificate?
    (I've never had much success trying to do that).

    I feel like they should still "just work", and that there may be something on their end that's causing the issue, but they say "no", and have asked me for some further info about the specific models I'm having problems with, and I wanted to check here for some advice first.

    Thanks in advance for your expertise!
  • slimslob
    Retired

    Site Contributor
    25,000+ Posts
    • May 2013
    • 36796

    #2
    Re: TLS 1.2 ?

    To my knowledge, Ricoh has supported TLS1.2 since before I retired in 2017. You might check and see if you can turn off TLS1.0 and TLS1.1. That should force initial handshaking at TLS1.2. I can't remember if it has to be changed from the control panel or from WIM.


    • sandmanmac
      Field Supervisor

      Site Contributor
      2,500+ Posts
      • Feb 2009
      • 3963

      #3
      Re: TLS 1.2 ?

      Originally posted by slimslob
      To my knowledge, Ricoh has supported TLS1.2 since before I retired in 2017. You might check and see if you can turn off TLS1.0 and TLS1.1. That should force initial handshaking at TLS1.2. I can't remember if it has to be changed from the control panel or from WIM.
      Thanks Tim.
      That sounded like promising advice, but when I checked my machines, TLS 1.0 and 1.1 were already turned off on one of them, and it made no difference when I turned it off on the other.


      • rthonpm
        Field Supervisor

        2,500+ Posts
        • Aug 2007
        • 2847

        #4
        Re: TLS 1.2 ?

        Without one of those in front of me, do they support StartTLS in the mail options? I've had issues with other systems when not using that.

        You may also want to look at getting those customers off a server that they don't have control over. You're opening yourself up to a bit of liability having their information available to you without some kind of agreement between you and them.

        All you need is one lawyer to scream about it to find yourself in a world of hurt.

        Sent from my Pixel 6 Pro using Tapatalk


        • sandmanmac
          Field Supervisor

          Site Contributor
          2,500+ Posts
          • Feb 2009
          • 3963

          #5
          Re: TLS 1.2 ?

          Originally posted by rthonpm
          Without one of those in front of me, do they support StartTLS in the mail options? I've had issues with other systems when not using that.

          You may also want to look at getting those customers off a server that they don't have control over. You're opening yourself up to a bit of liability having their information available to you without some kind of agreement between you and them.

          All you need is one lawyer to scream about it to find yourself in a world of hurt.

          Sent from my Pixel 6 Pro using Tapatalk
          No they don't have the StartTLS option.
          I've not yet dealt with a RICOH model that has that feature as far as I can recall.
          I imagine the new IM Series would, but I've not gotten to them quite yet.

          As for my Mail server....I appreciate the advice, and there are only a handful of very small clients I have still on there - and certainly none of them are law offices.


          • Oze
            Ricoh Fanboy

            1,000+ Posts
            • Jul 2008
            • 1663

            #6
            Re: TLS 1.2 ?

            Originally posted by rthonpm
            Without one of those in front of me, do they support StartTLS in the mail options? I've had issues with other systems when not using that.

            You may also want to look at getting those customers off a server that they don't have control over. You're opening yourself up to a bit of liability having their information available to you without some kind of agreement between you and them.

            All you need is one lawyer to scream about it to find yourself in a world of hurt.

            Sent from my Pixel 6 Pro using Tapatalk
            No START TLS option on the IMC series that I can find.
            In front of one right now and the option's not in the security settings.


            • rthonpm
              Field Supervisor

              2,500+ Posts
              • Aug 2007
              • 2847

              #7
              Re: TLS 1.2 ?

              Originally posted by sandmanmac

              As for my Mail server....I appreciate the advice, and there are only a handful of very small clients I have still on there - and certainly none of them are law offices.
              The issue is that a mail server the customer doesn't have any degree of control over is sending data that could include sensitive information.

              Almost any legal advisor would tell both you and the customer that this is a potential risk. What if a disgruntled employee is emailing data to a competitor, or internal pricing to a customer? With no ability for the customer to audit or see what's being sent there's a degree of risk. There's also the fact that you have access to that server and by extension, access to internal and potentially sensitive information. For a lot of small firms, nothing like that may be sent, but you should look to get some kind of paperwork that covers you and shows that the customer accepts the risk.

              Back to the bigger issue at hand: with the TLS 1.2 change, you may want to check and make sure the hosting firm hasn't changed anything else, or if they're just reselling someone else's services that may require a more stringent setting like MFA or SMTP AUTH.

              Sent from my Pixel 6 Pro using Tapatalk


              • sandmanmac
                Field Supervisor

                Site Contributor
                2,500+ Posts
                • Feb 2009
                • 3963

                #8
                Re: TLS 1.2 ?

                Originally posted by rthonpm
                The issue is that a mail server the customer doesn't have any degree of control over is sending data that could include sensitive information.

                Back to the bigger issue at hand: with the TLS 1.2 change, you may want to check and make sure the hosting firm hasn't changed anything else, or if they're just reselling someone else's services that may require a more stringent setting like MFA or SMTP AUTH.

                Sent from my Pixel 6 Pro using Tapatalk
                Point taken.
                Thank you.

                As for the TLS issue....it's had very little effect on me, and has actually been a good excuse to get some of the customers off my mail server as they call in to report their scanning issues.
                It just seemed to me that there MUST be something on their end blocking the connection, and I'm positive I'm not the only one who has complained, and suggesting to me that I just use the non-ssl setup wasn't an acceptable solution.

                They've been pretty good at making some suggestions, but most of them had already been tried - particularly their suggestion to disable TLS 1.0 / 1.1 which Tim suggested right out of the gate.
                Thus far, they've been unable to find a solution for me, but they have apparently escalated the call to their 'system administrators', and I'm in a holding pattern.

                Thanks to all who weighed in!


                • slimslob
                  Retired

                  Site Contributor
                  25,000+ Posts
                  • May 2013
                  • 36796

                  #9
                  Re: TLS 1.2 ?

                  Originally posted by sandmanmac
                  Point taken.
                  Thank you.

                  As for the TLS issue....it's had very little effect on me, and has actually been a good excuse to get some of the customers off my mail server as they call in to report their scanning issues.
                  It just seemed to me that there MUST be something on their end blocking the connection, and I'm positive I'm not the only one who has complained, and suggesting to me that I just use the non-ssl setup wasn't an acceptable solution.

                  They've been pretty good at making some suggestions, but most of them had already been tried - particularly their suggestion to disable TLS 1.0 / 1.1 which Tim suggested right out of the gate.
                  Thus far, they've been unable to find a solution for me, but they have apparently escalated the call to their 'system administrators', and I'm in a holding pattern.

                  Thanks to all who weighed in!
                  Is there anything common between the customers who have the problem? Like maybe the same ISP or the same DSL or cable modem. I know there used to be a problem where the Motorola NVG410 DSL modem that AT&T Uverse used would actually block all common SMTP ports going to any mail server except theirs. The only workaround other than using their SMTP was to go with a hosting service like GoDaddy whose email hosting allowed Port 80 usage. Port 80 is the common port for HTTP and to block it would block nearly all internet access.


                  • sandmanmac
                    Field Supervisor

                    Site Contributor
                    2,500+ Posts
                    • Feb 2009
                    • 3963

                    #10
                    Re: TLS 1.2 ?

                    Originally posted by slimslob
                    Is there anything common between the customers who have the problem? Like maybe the same ISP or the same DSL or cable modem. I know there used to be a problem where the Motorola NVG410 DSL modem that AT&T Uverse used would actually block all common SMTP ports going to any mail server except theirs. The only workaround other than using their SMTP was to go with a hosting service like GoDaddy whose email hosting allowed Port 80 usage. Port 80 is the common port for HTTP and to block it would block nearly all internet access.
                    Thanks Tim.
                    No, it's not just them, I've been fooling around with multiple devices here at my home office too.
                    No joy


                    • sandmanmac
                      Field Supervisor

                      Site Contributor
                      2,500+ Posts
                      • Feb 2009
                      • 3963

                      #11
                      Re: TLS 1.2 ?

                      Well, it's one of my biggest pet peeves when threads are not closed off, with some sort of resolution/ update for future visitors, so I'm back to do so - although not with a solution, as none was ever found.

                      I had lots of back and forth with the hosting company, but nothing worked. Eventually they just closed my Support session without any explanation or warning.

                      So, as I think I stated earlier in the thread, this really isn't a problem in the bigger picture.
                      While it did cause a few units in the field to error out that were previously working using SSL/TLS on this server, it was just something that I felt (and still feel) there is a solution for.

                      Anyway, in the end, it was a good excuse to get some clients off of that server as suggested by rthonpm, which is all I ever used it for in the first place.

                      Thanks for the input!

                      Comment
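One way to narrow down a failure like the one in this thread, added here as an example and not posted by anyone in the thread: capture the first bytes each side sends when a device tries to connect, then read the TLS version the device actually offered and the alert (or plaintext greeting) the server returned. The function names, finding labels and sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
# Alert descriptions from RFC 5246 section 7.2 that explain a refused handshake.
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, length = stream[pos], struct.unpack_from("!H", stream, pos + 3)[0]
        if pos + 5 + length > len(stream):
            return  # truncated capture
        yield ctype, stream[pos + 5 : pos + 5 + length]
        pos += 5 + length

def diagnose(from_device: bytes, from_server: bytes) -> dict:
    """Classify a failed scan-to-email connection from the first bytes each side sent."""
    offered = alert = None
    for ctype, body in records(from_device):
        if ctype == 22 and len(body) >= 6 and body[0] == 1:  # handshake / ClientHello
            # Read the version inside the hello; the record header often says TLS 1.0.
            offered = VERSIONS.get((body[4], body[5]), "unknown")
            break
    if from_server[:4] in (b"220 ", b"220-"):
        # A plaintext SMTP greeting means this port expects STARTTLS, not implicit TLS.
        return {"offered": offered, "alert": None, "finding": "starttls_port"}
    for ctype, body in records(from_server):
        if ctype == 21 and len(body) == 2:  # alert record: level, description
            alert = ALERTS.get(body[1], f"alert_{body[1]}")
            break
    finding = {"protocol_version": "version_rejected",
               "handshake_failure": "no_common_parameters",
               "insufficient_security": "no_common_parameters"}.get(alert, "inconclusive")
    return {"offered": offered, "alert": alert, "finding": finding}

def sample_hello(version: tuple) -> bytes:
    """Constructed minimal ClientHello record (not a capture from a real device)."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def sample_alert(description: int) -> bytes:
    """Constructed fatal alert record as a server would send it."""
    return b"\x15\x03\x03\x00\x02\x02" + bytes([description])

if __name__ == "__main__":
    print(diagnose(sample_hello((3, 1)), sample_alert(70)))
    print(diagnose(sample_hello((3, 3)), sample_alert(40)))
    print(diagnose(sample_hello((3, 3)), b"220 mail.example.test ESMTP\r\n"))
```

A `handshake_failure` after a TLS 1.2 hello points at cipher suites or other parameters rather than the protocol version. TLS 1.3 clients also write 3,3 in this field and list 1.3 in an extension, which this sketch does not parse.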
