Special SSL hostname for old clients

After upgrading our SSL configuration yesterday, it turns out there are still a few email clients out there that only support the old SSLv2 standard, the most notable one being Chatteremail. Chatteremail is no longer being updated, but it’s still a great IMAP client for older Palm phones and used by a lot of people.

Because of that, I’ve created a special hostname that can be used by users having problems with the upgraded SSL protocol. If you’re one of those users, you just need to change your email software so that rather than using mail.messagingengine.com as the server name, it uses insecuressl.messagingengine.com instead. The name is explicitly messy to make sure that people realise this isn’t a recommended hostname. It’s only something to use if absolutely needed, and it does carry security implications (SSLv2 has some known vulnerabilities).

New Home/Login Page on beta


Although we changed it less than 6 months ago, and despite it being a big improvement over the old home page, we haven’t been 100% happy with our new home/login page. There wasn’t enough information “above the fold” for new customers looking to sign up.

So we’ve been experimenting with some layout changes that we’ve currently put on our beta server at http://www.fastmail.fm/beta/.

For existing customers, there’s little to no difference. The login box is still near the top on the right-hand side. For new customers though, we believe this page contains more relevant information in a more concise form.

Comments welcome, please send them to jackm@fastmail.fm.


SSL security updated

Due to a recently discovered SSL man-in-the-middle flaw, I’ve upgraded our web, IMAP and POP proxy servers to disable SSL renegotiation.

At the same time, I’ve disabled the SSLv2 protocol (it’s been deprecated since 1996) and disabled all “LOW” and “EXPORT” ciphers.

In theory, there should be no user-visible changes, but some very, very old email clients or browsers may experience problems. Unfortunately in those cases, people are either going to have to use non-SSL access, or upgrade their email client/browser to a newer version.
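One way to check a cipher listing against the policy described in this post, as an added example (not FastMail's own code or configuration): it parses `openssl ciphers -v`-style output and flags every suite that is SSLv2, EXPORT or LOW. The sample listing is constructed, and the LOW rule (56- or 64-bit encryption, excluding export suites) is an assumption taken from OpenSSL's documented meaning of that keyword.

```python
import re

# Constructed sample in the column format printed by `openssl ciphers -v`
# on an OpenSSL build of that era; not captured from any real server.
SAMPLE = """\
AES256-SHA       SSLv3 Kx=RSA      Au=RSA Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA     SSLv3 Kx=RSA      Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5          SSLv3 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=MD5
DES-CBC-SHA      SSLv3 Kx=RSA      Au=RSA Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5      SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)   Mac=MD5  export
EXP-DES-CBC-SHA  SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40)   Mac=SHA1 export
DES-CBC3-MD5     SSLv2 Kx=RSA      Au=RSA Enc=3DES(168) Mac=MD5
RC4-MD5          SSLv2 Kx=RSA      Au=RSA Enc=RC4(128)  Mac=MD5
"""

# Matches the bit length in fields such as Enc=DES(56) or Enc=3DES(168).
ENC_BITS = re.compile(r"Enc=[^()\s]+\((\d+)\)")


def classify(line):
    """Return (name, protocol, reasons); empty reasons means the suite passes."""
    fields = line.split()
    name, protocol = fields[0], fields[1]
    match = ENC_BITS.search(line)
    bits = int(match.group(1)) if match else None
    reasons = []
    if protocol == "SSLv2":
        reasons.append("SSLv2")
    if fields[-1] == "export":          # export-grade suites carry this flag
        reasons.append("EXPORT")
    elif bits in (56, 64):              # assumed LOW rule: weak but not export
        reasons.append("LOW")
    return name, protocol, reasons


def audit(listing):
    """Split a listing into suites the policy keeps and suites it rejects."""
    kept, rejected = [], []
    for line in listing.splitlines():
        if len(line.split()) < 2:       # skip blank or malformed lines
            continue
        entry = classify(line)
        (rejected if entry[2] else kept).append(entry)
    return kept, rejected


if __name__ == "__main__":
    kept, rejected = audit(SAMPLE)
    for name, protocol, reasons in rejected:
        print(f"REJECT {protocol:6} {name:16} {'+'.join(reasons)}")
    for name, protocol, _ in kept:
        print(f"KEEP   {protocol:6} {name}")
```

To audit a real build, replace `SAMPLE` with the output of `openssl ciphers -v` for the cipher string the server is configured with.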

