
Google Message Encryption Administration Guide User Manual


Postini Encryption Services Administration Guide

TLS Certification

Description

Encrypt Only

Behavior: Policy Enforced TLS obtains the keys from the Server Certificate, extracts the keys, completes the TLS handshake, and begins the encrypted session. No further verification takes place. Errors that prevent key extraction will result in a bounced connection, but any other certificate-related errors are ignored.

Recommendations: This setting provides the most reliable delivery of encrypted mail, and is recommended in most cases. Use if you wish to allow a TLS connection even with malformed or out-of-date certificates. This setting allows encrypted communication even if the recipient’s certificate is invalid, as long as the certificate is functional.

Verify Cert

Behavior: Confirms that the certificate has proper form and syntax. Ensures that certificates are valid, but provides no protection against spoofing. Policy Enforced TLS ends the session if any certificate errors occur, but allows an out-of-date certificate, self-signed certificate, or certificate from an unknown trust.

Recommendations: This setting can be used to detect any problems with the TLS certificate. If you wish to block malformed certificates, and detect any certificate problems, use this setting. This setting provides increased verification, but may stop some outbound mail.
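
The following Python example is added here and is not code from this guide or from the product. It shows what a sending client can and cannot check under the two settings above, assuming "proper form and syntax" means a DER structure check of the certificate's outer fields (RFC 5280). The setting names `encrypt_only` and `verify_cert`, the function names, and the sample bytes are constructed for illustration.

```python
import ssl

def unauthenticated_context():
    # Both settings accept self-signed and unknown-issuer certificates,
    # so neither can rely on chain or hostname validation.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                    # short-form length
        length = first
    else:                               # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80:               # DER requires the shortest length form
            raise ValueError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, pos, pos + length

def well_formed(der):
    """Outer shape per RFC 5280: SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }."""
    try:
        tag, pos, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return False
        tags = []
        while pos < end:
            child, _, pos = read_tlv(der, pos)
            tags.append(child)
        return tags == [0x30, 0x30, 0x03]
    except ValueError:
        return False

def accept_peer(setting, der):
    """After a completed handshake: encrypt_only checks nothing further,
    verify_cert (as modelled here) checks structure only, never the issuer."""
    return setting == "encrypt_only" or well_formed(der)

# Constructed bytes with a certificate's outer shape; not a real certificate.
SAMPLE = bytes.fromhex("300e3003020101300306012a030200ff")
```

Because the structure check never looks at who signed the certificate, any party that can present well-formed bytes passes it, which is why the guide notes that Verify Cert gives no protection against spoofing.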