Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Encryption tab > Transport Layer Security
Transport Layer Security
 
Related topics:
TLS provides a transport layer encrypted "tunnel" between email servers or mail transfer agents (MTAs).
By default, Forcepoint Email Security Cloud always attempts to deliver or receive email using opportunistic TLS if the sending or receiving MTA supports it. With opportunistic TLS, if a connection attempt is made using the TLS protocol, the connection recipient must provide appropriate TLS credentials for an encrypted data transfer. If the TLS "handshake" fails, the data transfer is made via plain text, rather than encrypted text. In either case, the data transfer is successfully accomplished.
Alternatively, you can enforce TLS connections. There are 2 stages to configuring mandatory TLS:
1.
2.
When the conditions within the TLS policy are not met, Forcepoint Email Security Cloud does not deliver the email.
See this article for a full list of trusted certificate authorities supported by Forcepoint Email Security Cloud.
 
Note 
Forcepoint Email Security Cloud can enforce TLS only on the immediate next SMTP hop. Situations may exist where Forcepoint Email Security Cloud does not deliver directly to recipients (e.g., they may be using a service similar to Forcepoint Email Security Cloud). In such situations, it is your responsibility to ensure that all intermediate SMTP hops support TLS. If this is outside of your control, we recommend you use the Forcepoint Email Security Cloud standard or advanced encryption functionality to provide secure delivery.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Defining Email Policies > Encryption tab > Transport Layer Security
Copyright 2023 Forcepoint. All rights reserved.