We at OVHcloud are committed to providing secure and professional email services that meet the latest industry standards. To boost security, we’re disabling TLS 1.0 and 1.1 protocols on our Exchange solutions, in line with international standards.

Are you using a recent and updated email client? You don’t need to do anything; all email clients have already been updated and support the latest TLS (1.2). Action is needed only if you’re running a very old version.

We’re ditching older TLS versions and stepping up security across OVHcloud Exchange services. This blog will cover what’s changing and the measures we’re taking to keep your data safe. 

TLS 1.0 and 1.1 deprecations

To improve security and service quality, we’re disabling TLS 1.0 and 1.1 on all our OVHcloud Exchange solutions.
While some Microsoft systems may still use them, these TLS versions have security holes and were officially deprecated in 2021. Plus, they are already disabled on most Microsoft services, including several Exchange options.

Single-standard supported protocols

Our goal is to apply the same configuration across all infrastructure. Since these protocols are already inactive on most of our servers, updating will standardise our setups and elevate security.

Supported ciphers

We’re also making adjustments to ciphers, so only the following will be supported:

• “TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384“
• “TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256“
• “TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384“
• “TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256“

Keep in mind, only older operating systems (outdated printers or unsupported systems) might have issues.

Customers can use the SSL Labs tool to see which encryption protocols their machine supports.

We use the best practices from the 2020 version 1.6 guides, see here.

HSTS protocol activation

We also use the HTTP Strict Transport Security (HSTS) protocol to keep connections between customers and OVHcloud Exchange servers secure.

This protocol helps to:

• enforce TLS usage by blocking unencrypted connections;
• protect against Man-in-the-Middle (MITM) attacks and block redirects/downgrades to unsecured HTTPS connections;
• automatically switch from HTTP to HTTPS for higher user security.

OVHcloud customers won’t notice this update, which will be automatic—no action needed.

Exchange update management

Monthly update process

Microsoft releases security updates for Microsoft Exchange Server every Patch Tuesday. OVHcloud applies these patches every month to bolster security for its Exchange solutions.

Our update process

• The 2^nd Tuesday of each month: Microsoft update release.
• Microsoft partnership: Thanks to our strong partnership, we have access to detailed information on patches and product releases. This gives us a better idea of how much work the next update will involve, so we can plan ahead.
• Vulnerability severity analysis:
  • Moderate risk → Maintenance is planned and staggered to minimise service disruptions.
  • High risk → A dedicated team starts maintenance right after the patches are released.

Update notifications

• PRIVATE solution customers are notified at the start and end of updates.
• RESELLER, HOSTED, MXPLAN, TRUSTED, and EMAILPRO customers can use Exchange’ clustering to track maintenance progress on the OVHcloud status page.

Real-Time monitoring and protection

We use several monitoring tools, developed in-house or provided by third-party vendors, to:

• monitor the exposure of OVHcloud Exchange services on the internet;
• detect vulnerabilities and unusual activity in real time;
• generate alerts and reports for instant analysis and troubleshooting.

Advanced spam protection

Our OVHcloud Exchange solutions include a European anti-spam system that filters messages before they reach your inbox.

Benefits of spam filtering:

• advanced detection of fraudulent and phishing emails;
• smart filtering based on machine learning;
• significant decrease in spam and malicious emails.

HTTP request management update

Host Header Removal

We’re currently fixing a server issue related to incorrect HTTP Host header usage. An invalid HTTP host header in a web request causes the server to immediately abort the request—this is specific to HTTP 1.0.

Server Header Removal

The HTTP server stops sending the header.

To recap…

We’re upgrading OVHcloud Exchange security by phasing out less secure TLS 1.0/1.1 protocols, bringing it in line with internationals security standards.
Regular updates, HSTS activation, continuous monitoring, and advanced anti-spam protection guarantee a secure, high-performance Exchange environment for all our customers.

Got questions about this update? Reach out to our technical support team.