© Crown copyright 2016
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: email@example.com.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/email-security-standards/transport-layer-security-tls
Transport Layer Security (TLS) is an encryption protocol that protects data while it is in transit between two computers. Before they exchange data, the two computers negotiate a protocol version and cipher that both support. Depending on the rules configured on each side, one or both may refuse to connect if they cannot agree on an acceptable encryption method.
All modern email services support TLS, and most support TLS 1.2. TLS 1.3 (RFC 8446) has recently been standardised and should be adopted as popular email services add support for it.
How TLS works
The sending email service contacts the receiving service over a standard Simple Mail Transfer Protocol (SMTP) connection, which starts out unencrypted. If the receiving service advertises STARTTLS in its reply to the sender's EHLO command, the sending service sends a STARTTLS command to ask it to upgrade the connection to TLS.
If the receiving service agrees, the sending service shares a list of protocol versions and ciphers it understands. The receiving service chooses an option that both services support and sends back its security certificate, which contains its public key.
The sending service checks that the certificate is valid, then uses the public key to confirm it is talking to the genuine receiving service and to agree a session key that only the two services know. The email is encrypted with that session key for the rest of the connection, so anyone watching the network sees only ciphertext. Note that with opportunistic TLS many sending services do not check the certificate at all; this still stops passive eavesdropping, but an attacker who can intercept the connection could present their own certificate.
If either service cannot support a modern TLS connection, or the two cannot agree on a protocol version and cipher, they fall back to whatever they both still allow: an older, less secure Secure Sockets Layer (SSL) connection, or an unencrypted connection. Whether unencrypted delivery is permitted depends on the rules described below.
This diagram shows how TLS works.
Sending email with TLS
In most cases you’ll have the option to use opportunistic TLS on all connections. With opportunistic TLS the sending service tries to create an encrypted connection, but sends the email unencrypted if it cannot.
For domains you know support TLS you can create a rule that requires a TLS connection when sending to that domain. If the sending and receiving services cannot agree on an encryption method, the sending service drops the connection and does not send the email in the clear.
Receiving email with TLS
You should enable opportunistic TLS. You can also create rules that require a TLS connection from senders you know support TLS, so that any email from those senders arriving over a non-TLS connection is automatically rejected.
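The exchange described under "How TLS works", together with the sending and receiving rules above, as an added Python example that is not part of this guidance: it walks through the SMTP dialogue (EHLO, STARTTLS, MAIL FROM) for several combinations of sender policy and receiving service, and reports whether the email is sent over TLS, sent in plaintext, deferred by a sender that requires TLS, or rejected by a receiver that requires it using the standard "530 Must issue a STARTTLS command first" response from RFC 3207. The TLS handshake itself is summarised in one transcript line rather than performed, and the hostnames, addresses, banner text and suite lists are assumptions.

```python
"""Simulated SMTP STARTTLS exchange between a sending and a receiving service.

Constructed example: it models the SMTP messages and the policy decisions,
not a real TLS handshake. Hostnames, addresses and suite lists are assumed.
"""
from dataclasses import dataclass

# Protocol version / cipher pairs the sending service will offer, best first (assumed).
SENDER_SUITES = [
    ("TLS1_3", "TLS_AES_128_GCM_SHA256"),
    ("TLS1_2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLS1_2", "ECDHE-RSA-AES256-SHA"),
]


@dataclass
class Receiver:
    name: str
    offers_starttls: bool   # advertises STARTTLS in its EHLO reply
    suites: list            # (version, cipher) pairs it accepts, best first
    policy: str = "may"     # "may": accept plaintext mail; "encrypt": reject it

    def ehlo_reply(self, tls_active=False):
        caps = [f"250-{self.name}", "250-SIZE 35882577"]
        if self.offers_starttls and not tls_active:
            caps.append("250-STARTTLS")      # only offered before the upgrade
        caps.append("250 8BITMIME")
        return caps

    def select_suite(self, offered):
        # The receiving side picks its own most-preferred pair that the sender also offered.
        for suite in self.suites:
            if suite in offered:
                return suite
        return None


def deliver(receiver, sender_policy="may", sender_suites=SENDER_SUITES):
    """Walk through one delivery attempt and return (outcome, suite, transcript).

    sender_policy: "none"    never send STARTTLS (models a legacy sender)
                   "may"     opportunistic: use TLS if it can be negotiated
                   "encrypt" required: give up rather than send in the clear
    """
    log = [f"S: 220 {receiver.name} ESMTP", "C: EHLO mail.sender.example"]
    log += ["S: " + line for line in receiver.ehlo_reply()]
    suite = None
    if sender_policy != "none" and receiver.offers_starttls:
        log += ["C: STARTTLS", "S: 220 Ready to start TLS"]
        suite = receiver.select_suite(sender_suites)
        if suite:
            log.append(f"[TLS handshake: certificate checked, {suite[0]} {suite[1]} "
                       "agreed, session key derived; connection now encrypted]")
            log.append("C: EHLO mail.sender.example")   # EHLO is repeated inside TLS
            log += ["S: " + line for line in receiver.ehlo_reply(tls_active=True)]
        else:
            log.append("[TLS handshake failed: no protocol version and cipher in common]")
    if suite is None and sender_policy == "encrypt":
        log.append("C: QUIT")
        return "deferred: TLS required but not negotiated", None, log
    if suite is None and sender_policy == "may" and receiver.offers_starttls:
        log.append("[sender reconnects without TLS: opportunistic fallback]")
    log.append("C: MAIL FROM:<alice@sender.example>")
    if suite is None and receiver.policy == "encrypt":
        log += ["S: 530 5.7.0 Must issue a STARTTLS command first", "C: QUIT"]
        return "rejected: receiving service requires TLS", None, log
    log += ["S: 250 OK", "[... RCPT TO / DATA / QUIT ...]"]
    return ("sent over TLS" if suite else "sent in plaintext"), suite, log


if __name__ == "__main__":
    modern = Receiver("mx.receiver.example", True,
                      [("TLS1_2", "ECDHE-RSA-AES128-GCM-SHA256")])
    legacy = Receiver("mx.legacy.example", False, [])
    for rx, policy in [(modern, "may"), (legacy, "may"), (legacy, "encrypt")]:
        outcome, suite, log = deliver(rx, policy)
        print(f"\n{rx.name} with sender policy '{policy}': {outcome}")
        print("\n".join(log))
```

The three runs in the main block correspond to the cases in the text: a modern receiver reached opportunistically, a legacy receiver that never offers STARTTLS reached opportunistically (the email goes in the clear), and the same legacy receiver reached under a rule that requires TLS (the email is not sent). A receiver created with policy="encrypt" shows the inbound rule: a sender that does not use STARTTLS is refused at MAIL FROM.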
You can check whether a message arrived over TLS by looking at its Received headers for a TLS version and cipher.
You will see something like this in the header:
version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128
This tells you the TLS version and cipher used. How you view the header depends on the email client you’re using.
If you’re a system administrator you should be able to check if inbound email is using TLS in your email logs and reporting.
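Reading the header field by hand works for one message; the following added Python example (not part of this guidance) parses the TLS details out of constructed Received headers, in the key=value form quoted above and in the "using TLSv1.2 with cipher ..." form that Postfix writes, and flags hops that were plaintext, used a protocol older than TLS 1.2, used a cipher without forward secrecy, or used a known-weak cipher. The sample headers, hostnames and the thresholds for calling a hop weak are assumptions for illustration.

```python
"""Extract and assess the TLS details recorded in Received: headers.

Constructed example: the sample headers below are made up for illustration and
the thresholds used to call a hop 'weak' are assumptions, not a published standard.
"""
import re

SAMPLE_HEADERS = [
    # key=value form quoted in the guidance above
    "Received: from mail.sender.example ([192.0.2.10]) by mx.receiver.example "
    "with ESMTPS id k9si123456 "
    "(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); "
    "Mon, 4 Jul 2016 10:15:23 +0100",
    # the form Postfix writes: an old protocol and a cipher without forward secrecy
    "Received: from relay.partner.example (relay.partner.example [198.51.100.7]) "
    "(using TLSv1 with cipher AES256-SHA (256/256 bits)) "
    "by mx.receiver.example (Postfix) with ESMTPS id 4F2A1B3C; "
    "Mon, 4 Jul 2016 10:16:01 +0100",
    # a hop with no TLS details at all: the message travelled in the clear
    "Received: from old-mta.supplier.example (old-mta.supplier.example [203.0.113.9]) "
    "by mx.receiver.example (Postfix) with ESMTP id 7D8E9F0A; "
    "Mon, 4 Jul 2016 10:17:45 +0100",
]

KV_RE = re.compile(
    r"version=(?P<version>[\w.]+)\s+cipher=(?P<cipher>[\w-]+)\s+bits=(?P<bits>\d+)(?:/\d+)?")
POSTFIX_RE = re.compile(
    r"using (?P<version>TLSv[\d.]+) with cipher (?P<cipher>[\w-]+) \((?P<bits>\d+)/\d+ bits\)")

# Substrings that mark ciphers no longer considered safe (assumed list)
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")


def parse_tls(header):
    """Return {'version', 'version_number', 'cipher', 'bits'} or None if no TLS was recorded."""
    for pattern in (KV_RE, POSTFIX_RE):
        match = pattern.search(header)
        if match:
            info = match.groupdict()
            # Normalise "TLS1_2", "TLSv1.2" and "TLSv1" to a comparable number (1.2, 1.2, 1.0)
            digits = re.search(r"(\d)[._]?(\d)?", info["version"])
            info["version_number"] = float(f"{digits.group(1)}.{digits.group(2) or 0}")
            info["bits"] = int(info["bits"])
            return info
    return None


def assess(header):
    """Classify one hop as 'plaintext', 'weak' (with reasons) or 'ok'."""
    info = parse_tls(header)
    if info is None:
        return "plaintext", []
    reasons = []
    if info["version_number"] < 1.2:
        reasons.append(f"old protocol {info['version']}")
    # ECDHE/DHE suites and all TLS 1.3 suites (TLS_...) give forward secrecy
    if not info["cipher"].startswith(("ECDHE", "DHE", "TLS_")):
        reasons.append("no forward secrecy")
    if any(marker in info["cipher"].upper() for marker in WEAK_CIPHER_MARKERS):
        reasons.append("weak cipher")
    if info["bits"] < 128:
        reasons.append(f"{info['bits']}-bit key")
    return ("weak" if reasons else "ok"), reasons


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, reasons = assess(header)
        hop = header.split(" by ")[0].replace("Received: from ", "").split()[0]
        print(f"{verdict:9} {hop:30} {', '.join(reasons)}")
```

Only the hop into your own service is under your control and trustworthy; earlier Received headers were written by other people's servers and can be forged, so the same check run over a mail log (which records the TLS details of connections your own server accepted) is the more reliable source for reporting.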
Further email security guidance
All public sector organisations must follow guidance on how to set up email services securely.
The Internet Engineering Task Force provides more information on the TLS specification. Google has general information on how encryption works, and the Khan Academy has an in-depth explanation of encryption and public keys.
You can also find out about the problem of TLS downgrade attacks, in which an attacker on the network path removes or blocks the STARTTLS offer so that the email is sent unencrypted.