The institute has decided to implement a more strict usage policy for current TLS versions for mail and other services. The policy up till now was to allow unsafe connections if one side did not support a secure connection.

Now all services will be successively switched to a stricter policy. This means that connections to or from us will only be accepted with TLSv1.2 and v1.3. Web connections will still accept http but will immediately reroute to https with secure TLS.

Users are advised to check if the software they use supports and uses secure TLS versions. There could be problems with the use of intermediary Software like mandatory proxies or ISP mail servers.

A further implemented change will be the usage of SPF and DKIM signing for mail. SPF is already active on most of our mail domains. The implementation of DKIM will be completed till the end of autumn. These measures can cause problems with mail forwarding.