Archive for June, 2018

Email Security FAQ

June 25, 2018

Some common questions we have received so far after the update:

1) I am using Outlook or another program to read email do I need to update the server address from mail.storesecured.com to webmail.storesecured.com?

No, the https://webmail.storesecured.com address change is ONLY for those who are using webmail. If you are using Outlook or your phones email etc this does NOT change.

2) Should I enable Secure Password Authentication?

No, Secure password authentication should not be checked, it is only for certain types of servers

3) Should the SMTP port be 25 or 587?

Either one, it does not matter for us, your Internet provider may block one or the other so if one does not work, then try the other

4) Does the outgoing server require authentication?

Yes, the outgoing server requires authentication using the same settings as the incoming server.

5) Can I connect without TLS?

Yes, you can technically connect without TLS but it is then not a secure connection just like using a http vs https webpage. We highly recommend always using a secure connection.

6) My email software only shows a checkbox for SSL and no TLS?

On some email programs we have seen that they do accurately use TLS when you check the SSL box as long as you are connected with the correct port. If your email program does not have TLS selection please try using the SSL selection instead.
If you are using IMAP for incoming, use port 143, if you are using POP3 for incoming use port 110.

7) My email still doesn’t work, can you help?

Yes, if you are running an older version of Windows, ie Windows 7 or 8 it may not support TLS 1.2 by default. To verify this is the case please send your ip address (look it up at www.whatismyip.com) to our support team and we can confirm from the logs.

8) I have Windows 7 and TLS 1.2 is NOT enabled, how do I enable it?

Here is a link to some instructions on how to update Windows 7 to support TLS 1.2
Scroll down in the article about halfway to where it says:
Steps required to switch to TLS 1.2 on Windows 7 and start there.

http://www.teamnetworks.net/blog/4832/enabling-tls-1-2-on-windows-7-complete-instruction/

Follow the steps listed.

Try to connect via email again.

Alternatively here is a article directly from Microsoft describing the same process, I don’t feel it’s quite as easy to follow though you may prefer to go straight to the source.
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

9) I’m still having problems?

If you are still having problems please contact our support team for assistance.

Email Security Changes and Maintenance Period 6/24

June 20, 2018

Effective June 24th there will be several security changes to our email server to comply with PCI rules.

  • Webmail will be moved from mail.storesecured.com to webmail.storesecured.com. (ONLY for Webmail).
  • Webmail must be connected to securely, ie https vs http
  • All connections to read/deliever mail should be done securely, using TLS (NOT SSL) connections
  • TLS 1.0 will be disabled, SSL will be disabled. All connections must use TLS1.2 or higher
  • The mailserver will not accept plaintext credentials. All credentials must be encrypted.
  • SSL access to the email server via ports 993, 995, and 465 via SSL will be disabled in favor of more secure TLS connections on ports 25, 110 and 143

Email Server Maintenance
The email server will be unavailable periodically during the maintenance period from approximately 8:00pm-midnight pacific time on June 24th to make the above changes.

How can I prepare for these changes ahead of time?
When using webmail start going to https://webmail.storesecured.com INSTEAD of http://mail.storesecured.com

If using Outlook or other email program to read your mail make sure it is setup to use TLS connections with the proper ports:
To change this setting in Outlook

  1. With your Outlook client open, select Tools from the main menu. Then select Account Settings… from the drop down menu.
    This will open up the Account Settings window.
  2. If you have more than one email account configured, make sure that your StoreSecured Internet account is selected.
  3. With your StoreSecured email account highlighted, select Change.
  4. This will open another window called “Change E-Mail Account“.
  5. Click More Settings….
  6. This will open another window called Internet E-mail Settings.
  7. Click the Advanced tab.
  8. Look in the section called Server Port Numbers.
  9. In the drop down menu under Incoming server select TLS from the list of options.
  10. If you are using IMAP the port number should be set to 143.
  11. If you are using POP the port number should be set to 110.
  12. Then, in the drop down menu under Outgoing server (SMTP), select TLS from the options.
  13. Your outgoing server port number should be set to 25, in the Outgoing server (SMTP) field or port 587 can be used as an alternate SMTP port if you cannot connect via port 25.

Additional Questions
If you have questions about your particular setup, email program etc, please contact StoreSecured support via our support system for additional assistance.  Also you can read our FAQ about the change here.

 

PCI Compliance and TLS 1.0 Update

June 1, 2018

Effective June 16th, 2018, StoreSecured will be turning off our support for TLS 1.0.    We are doing so to comply with the latest PCI standards which require that support for TLS1.0 is disabled by June 30, 2018 at the latest.

 

Potential Issues

Please note that if you or your clients have very old browsers this may mean that you are no longer able to use the StoreSecured website’s in secure mode unless the browser is upgraded.

How to check your browser

Go to https://www.ssllabs.com/ssltest/viewMyClient.html and look in the very first box labelled Protocol Support.  If it says “Your user agent has good protocol support” then you are good, otherwise you need to upgrade either your browser,  your operating system or both.

Why are we doing this

We are required to turn off TLS 1.0 and lower support in order to comply with PCI regulations and to ensure high security.  PCI regulations are required to be adhered to in order to accept credit cards.  As an ecommerce site provider this is critically important for us and for you our merchants.  We have waited as long as possible to turn this off to give clients time to upgrade and now we must proceed.

Questions

If you have any questions or concerns feel free to contact us via support request or via email at support@storesecured.com or you can read further at the link below:

https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Migrating_from_SSL_and_Early_TLS_Resource_Guide.pdf