Enforced TLS

This is where administrators specify the domain pairs between which the traffic is to be transferred with TLS. Encryption can be used in both directions or in one direction only. Only domains can be specified.

Create new enforced TLS

To create a new enforced TLS click on the button.

Filter criteria

• Domain

Sender domain

Sender’s Domain

Recipient domain

Recipient’s Domain

---

Create new enforced TLS

Sender domain

Sender’s domain (@example.com). “*” for all domains. Domains must begin with “@”. Multiple addresses can be entered with delimiters (comma or semicolon).

Recipient domain

The recipient’s domain (@localexample.com). “*” for all domains. Domains must begin with “@”. Multiple addresses can be entered with delimiters (comma or semicolon).

Mode

• Options:
  • Enforced: TLS connection mandatory, otherwise the connection will be terminated.
  • Not enforced: Clear-text connection is possible.

Direction

• Options:
  • One-way: Encryption is only used in one direction (sender–recipient).
  • Two-way: Encryption is used in both directions (sender–recipient / recipient–sender).
  • Examples:
    • From: * —-> TLS Enforced —> To: *
    • From: @xx.de —-> TLS Not Enforced —> To: @yy.net
    • From: * —-> TLS Enforced —> To: @zz.de
    • From: @aa.net —-> TLS Not Enforced —> To: *

---

Editing enforced TLS

Only the mode can be edited here. To edit a domain entry, it has to be deleted in the administration area and then recreated.