Google drops support for old crypto on Gmail, SMTP servers
In less than a month, Google will stop supporting SSLv3 and RC4 on its SMTP and Gmail’s web servers.
The end of support is not unexpected, as the Internet giant announced the move last September.
Nor does it come a moment too soon – “SSLv3 has been obsolete for over 16 years and is so full of known problems that the IETF has decided that it must no longer be used. RC4 is a 28 year old cipher that has done remarkably well, but is now the subject of multiple attacks at security conferences. The IETF has decided that RC4 also warrants a statement that it too must no longer be used,” noted the Google Apps team.
The cut-off point is June 16, 2016.
“After this change, servers sending messages via SSLv3 and RC4 will no longer be able to exchange mail with Google’s SMTP servers, and some users using older and insecure mail clients won’t be able to send mail,” the team pointed out.
They urged both admins of such servers and users of such clients to get with the times and upgrade to more modern TLS configurations and software.
More instructions on preferred choices for the switch – choices that should keep everything working as further TLS changes are introduced by Google in the coming years – are presented here.