Outlook e-mail encryption "security": 3DES and SHA1.

%3CLINGO-SUB%20id%3D%22lingo-sub-234616%22%20slang%3D%22en-US%22%3EOutlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234616%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20anyone%20know%20why%20these%20very%20outdated%20security%20algorithms%20are%20the%20only%20available%20ones%20in%20Outlook%20365%3F%20This%20does%20not%20really%20seem%20that%20secure%20to%20me%2C%20considering%20both%20algorithms%20are%20very%20old%20and%20considered%20weak%20or%20patchy%20at%20best%20by%20now.%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20RC2%20should%20flat%20out%20be%20removed%2C%20it's%20from%201987!%3CBR%20%2F%3EIt's%20worse%20than%20plain%20text%20because%20it%20makes%20people%20may%20think%20their%20messages%20are%20secure%2C%20but%20they%20aren't.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-234616%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EO365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%202016%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-339441%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-339441%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20you%20using%20a%20moder%20Outlook%20version%3F%20Outlook%202013%2F2016%20and%20for%20O365%20supports%20AES%20256.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-245070%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-245070%22%20slang%3D%22en-US%22%3E%3CP%3ESeems%20to%20have%20changed%20since%20a%20recent%20update%3F%20I%20was%20able%20to%20use%20SHA2%20(and%203)%20and%20AES%20for%20a%20very%20long%20time.%20Since%20today%2C%20they%20are%20gone%20and%20only%20older%20protocols%20are%20supported.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234699%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234699%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F114760%22%20target%3D%22_blank%22%3E%40safvan%20am%3C%2FA%3E%2C%20why%20not%20use%20Office%20365%20Message%20Encryption%20instead%20of%20S%2FMIME%3F%20Check%20%3CA%20href%3D%22http%3A%2F%2Fo365blog.com%2Fpost%2Fencrypt-email%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20%3C%2FA%3Efor%20setup%20instructions.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234657%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234657%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Michel%2C%3C%2FP%3E%3CP%3EThanks%20for%20the%20reply%20%2C%20So%20is%20it%20means%20while%20using%20the%20Encryption%20TLS%201.2%20can%20Change%2FSupport%20the%20outlook%26nbsp%3BEncryption%20Algorithm%20other%20than%203DES%20and%20RC2%20(which%20is%20currently%20using)%3C%2FP%3E%3CP%3EAttached%20SS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-234645%22%20slang%3D%22en-US%22%3ERe%3A%20Outlook%20e-mail%20encryption%20%22security%22%3A%203DES%20and%20SHA1.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-234645%22%20slang%3D%22en-US%22%3ECipher%20support%20depends%20on%20the%20operating%20system%20used%20and%20which%20is%20agreed%20upon%20by%20both%20ends.%20My%20current%20connection%20uses%20TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.%20Support%20for%20older%20versions%20of%20TLS%20(%26lt%3B1.2)%20will%20be%20dropped%20in%20October%20-%20see%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4057306%2Fpreparing-for-tls-1-2-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4057306%2Fpreparing-for-tls-1-2-in-office-365%3C%2FA%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Does anyone know why these very outdated security algorithms are the only available ones in Outlook 365? This does not really seem that secure to me, considering both algorithms are very old and considered weak or patchy at best by now.

And RC2 should flat out be removed, it's from 1987!
It's worse than plain text because it makes people may think their messages are secure, but they aren't.

5 Replies
Highlighted
Cipher support depends on the operating system used and which is agreed upon by both ends. My current connection uses TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. Support for older versions of TLS (<1.2) will be dropped in October - see https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365
Highlighted

Hello Michel,

Thanks for the reply , So is it means while using the Encryption TLS 1.2 can Change/Support the outlook Encryption Algorithm other than 3DES and RC2 (which is currently using)

Attached SS.

 

Highlighted

@safvan am, why not use Office 365 Message Encryption instead of S/MIME? Check this for setup instructions.

Highlighted

Seems to have changed since a recent update? I was able to use SHA2 (and 3) and AES for a very long time. Since today, they are gone and only older protocols are supported.

Highlighted

Are you using a moder Outlook version? Outlook 2013/2016 and for O365 supports AES 256.