Hosted Email: Disabling TLS 1.0/1.1 support in October 2021

We take the security of your confidential data very seriously which is why we take proactive steps to adopt modern security and phase out older protocols over a period of time.

Back in 2020, we enforced encrypted connections on our Hosted Email platform. This meant that all connections had to be encrypted, keeping your emails safe in transit. You can read more about this here.

TLS is the successor to SSL although the term SSL is often still used to describe TLS. On October 5th 2021 at 12noon we will be disabling TLS 1.0/1.1 support on our Hosted Email platform. This will mean that all connections will require TLS 1.2 or higher. TLS 1.0 and 1.1 are deprecated, deemed insecure and should be avoided to prevent the compromise of your private emails.

All modern mail clients and our Roundcube webmail already support TLS 1.2 and the vast majority of our clients will not be affected. Our latest investigation showed that 2.2% of connections used TLS 1.0, and 0.1% of connections used TLS 1.1. You can read more about our recommended mail client settings here.

If your mail client does not support TLS 1.2, we recommend that you check out Mozilla Thunderbird. It is free, open source, very easy to use and the client used by most team members at Anu: https://www.thunderbird.net/. We have a handy guide available for customers here.

Another alternative is to use our Roundcube Webmail: https://roundcube.anu.net/ – recent updates have brought in a new, modern web interface which works seamlessly across all devices (PCs, Laptops, Tablets and Phones).

We will be contacting affected customers directly over the next 4-6 weeks to make them aware and provide assistance where necessary.

If you need any further help or advice, please do not hesitate to contact us by emailing support@anu.net.

Passwordless SSH logins using private keys and .ssh/config

These instructions will work on any computer that uses OpenSSH such as macOS or most Linux/Unix systems. The process for generating keys on other platforms will vary but the general principle is the same.

  • Open your Terminal app and generate a new key pair by typing ssh-keygen at the shell prompt. You should see:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

Press Enter to confirm the default location (that is, ~/.ssh/id_rsa) for the newly created key and the press enter twice more when prompted for a passphrase.

  • After this, you will be presented with a message similar to this:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 alfie@example.com
The key's randomart image is:
+--[ RSA 2048]----+
|             E.  |
|            . .  |
|             o . |
|              . .|
|        S .    . |
|         + o o ..|
|          * * +oo|
|           O +..=|
|           o*  o.|
+-----------------+
  • Change the permissions of the ~/.ssh/ directory to 700 to ensure it is only accessible by your user ID:
$ chmod 700 ~/.ssh
  • Copy the content of ~/.ssh/id_rsa.pub into the ~/.ssh/authorized_keys on the machine to which you want to connect, appending it to its end if the file already exists.
  • Set the permissions of the ~/.ssh/authorized_keys file using the following command:
$ chmod 600 ~/.ssh/authorized_keys

How to create an SSH shortcut

To create a custom ssh connection so you don’t need to type the IP address of your server every time, type from your home directory:

nano .ssh/config

then enter the following below

Host shortcutname
HostName 10.11.12.13
IdentityFile ~/.ssh/id_rsa
PreferredAuthentications publickey
Port 22
User root

Save the file and exit nano. You can now connect to the server using the command ssh shortcutname without having to enter any additional connection information or password.

Upcoming USA1 datacenter migration

What is happening?

Over the coming weeks we will be migrating customers hosted out of our usa1 (Chicago) datacenter to a new datacenter facility which is also located in Chicago approx 2 miles away.

Why?

The new facility offers us higher power availability, better connectivity and more redundancy. We are also taking this opportunity to complete the roll-out of improved firewall and encryption subsystems on our virtualization hypervisors to further improve our cyber security defenses.

What is the impact?

Affected customer VMs will be migrated one by one to new hardware running in the new datacenter. Both facilities are connected by a VLAN which will facilitate seamless transition of IP traffic. No IP renumbering or other changes will be required. Once migration is complete you can expect lower latency, faster performance and better security.

Migration will require a brief disruption while we sync changed data and reboot VMs on new hardware. We will schedule migrations with affected customers individually at the most convenient time slots.

Questions?

Please contact support@anu.net if you have any questions about this migration.