Endpoint Encryption

 View Only
  • 1.  Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 15, 2013 05:05 AM

    I have an email client that is set up to make an SSL connection to the mail server.

     

    After installing Symantec Desktop Email encryption, I get a warning that my client is trying to make an "SSL connection" to the server and the message does not send and sits in the outbox.

    This may sound a little stupid but really I want Symantec Desktop Email encryption to only do the PGP and let the mail server do the SSL connection.

    I have tried changing a lot of settings and have read the manual but I am still missing something with getting this working.

    BTW it works fine for collecting mail, it is sending mail that has the issue.

    Can someone help me with this.

     

    Thanks

     

    Scott

     

     

     

     

     



  • 2.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 15, 2013 06:29 AM

    sounds like your PGP server is forcing SSL connections between client and server, or is this just the certificate warning when you first enrol?



  • 3.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 15, 2013 08:07 AM

    PGP encrypts email by use of its email proxy.  Sent email goes through the email proxy, and is encrypted if there is a PGP messaging policy that calls for it.  After the email proxy acts on the email, it will attempt to make an SSL connection to the server, and will then send the email on to the server.  However, if the email client is encrypting the email via SSL before it is sent to the PGP email proxy, the PGP email proxy cannot encrypt, since is is already SSL encrypted.



  • 4.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 15, 2013 08:26 AM

    Hello Tom and Alex,

    Yes, the email client has it's own "add-in" for delivering mail.

    I have tried just about everything to turn off the "mail client" delivering it's mail (even disabling the add-in) but it still doesn't deliver and just sits in the outbox and I get the "SSL warning" from Symantec Desktop Email Encryption.

    I am hoping you are not going to tell me to just use standard IMAP :(

    The mail server works with standard IMAP if I had to, but it is very ugly.

    I sort of understand, that there is some sort of fight going on, between the Mail Client wanting to deliver and the SDEE wanting to deliver.  I take it that under usual conditions that Outlook is very passive and does not put up a fight against SDEE trying to assert control.

    The Email product is called "Mail Enable" (I hope you don't mind it being mentioned) and their tech support info seems to suggest they work together.

    Is there anyway to turn off the proxy so that it just does the PGP and lets the Mail Client do the SSL?

    Thanks in advance, I know these questions are annoying to answer.

     

    Scott

     

     

     

     

     

     



  • 5.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 15, 2013 08:58 AM

    Do your end users have PGP Desktop installed?

    The SSL will be occuring when your mail client encrypts the COMMUNICATION between client and universal server.  PGP encrypts the DATA.  They can work hand in hand as they're separate processes.

    But if you configure the environment for point to point encryption, i.e. the CLIENT encrypts the data, that should work no problem.



  • 6.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 16, 2013 01:04 AM

    Thank you Alex,

    I am testing PGP Desktop at the moment.

    This sounds really dumb and I think I must have missed something but where is the setting that changes the behaviour so that "PGP only encrypts the data" but does not secure the connection?

    Scott

     



  • 7.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 16, 2013 09:05 AM

    That's correct.

     

    You can send PGP emails in the clear, but the actual content would be indecipherable.  Obviously you want to both encrypt the communication and the data.

    If you want the server to just act as management and doesnt encrypt, you need PGP Desktop installed, then you can encrypt from the workstations.



  • 8.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 16, 2013 09:55 AM

    Please correct me if I've in error, but my understanding is that you are not using a PGP/SED Universal Server, and that your PGP/SED encryption trial is just with the PGP/SED Desktop software.

    Please understand that while you can either enable or disable the PGP email proxy on the (Secure Email option) Messaging tab of PGP Options, that this affects all use of the email proxy.  If you use the PGP email proxy, it will encrypt both the email and any email attachments, when the recipient has a public key you can encrypt to.  If you disable the email proxy, no email or email attachments will be encrypted.  Additionally, if you want the PGP email proxy to be able to encrypt email and email attachments, you must not have SSL enabled at the email software level.



  • 9.  RE: Symantec Desktop Email Encryption - "ssl warning"

    Posted Aug 17, 2013 02:07 AM

    Tom,

    Thank you for that.

    Yes I am using the PGP/SED Desktop software as you people call it "Symantec Desktop Email encryption".

    I think there is a general incompatibility between the Mail Enable Client software and the "Symantec Desktop Email encryption" software that both are fighting over the delivery of the message.  Turning off the Mail Enable client "add in" or turning off the "Mail Enable Client SSL requirements" still results in mail not sending".

    I am pretty sure if I set the user in pure IMAP mode then this will most probably work as obviously Outlook in default configuration is a "passive" product.  This worries me as IMAP in general does not work as well as the native Mail Enable Client "add in".  With this being given to high level executives IMAP will be a bad solution.

    I may consider allowing clear text authentication on the server for email pickup across the entire 600 users so that I can get this working for a few PGP users. (This is quite funny actually)

    I think I will also try and get some support from Mail Enable to assist resolving this.

    I am also wanting to investigate the "Gateway" version of the software to install on the server and get it to try and manage the encryption at the server end but its trialware is harder to get.  I have been waiting 2 days for a response from Symantec on whether they want to give me the trialware for the product, or not.

    Alex,

    Can you confirm what Tom is saying?

    I sort of understand why the software would want to take control of the SSL connection to the server, as many places do not secure their connections when sending email, and this is a good safeguard but it is actually a fairless useless exercise.  The Mail Server will generally send in "clear text" across the internet so securing the initial SSL connection (though a great idea) really doesn't need to be a mandatory thing.  The PGP message is literally "garbage" as it moves across the internet.

    -------------

    Thanks anyhow.  If there is any further help that can be provided please continue the thread.

     

    Scott