Service Update
| Availability | November 10th-11th, 2025 |
| Product(s) | Email Security Cloud Gateway (CG) |
| Who's affected | Email Security Cloud Gateway, Administrators |
Overview
Mimecast is removing support for Secure Client-Initiated Renegotiation (SCIR) for TLS connections below version 1.3 across all grids globally. This change strengthens our security posture and aligns with modern industry standards.
What's changing
SCIR is a legacy TLS feature that allows email clients to request renegotiation of encryption parameters during an active connection. While historically used for updating session keys, SCIR introduces potential security vulnerabilities, particularly related to denial-of-service attacks.
Modern security best practices, including those implemented by major cloud email providers, have moved away from supporting client-initiated renegotiation. TLS 1.3 (the current industry standard) does not support SCIR at all, as the protocol's enhanced security makes it unnecessary.
Why we're making this change
- Enhanced Security: Eliminates a potential attack vector for denial-of-service attempts.
- Industry Alignment: Matches the security standards already implemented by Microsoft and other major providers.
Deployment Schedule
| Region | Date |
| Australia | Already deployed |
| Canada, Germany, South Africa, United Kingdom, United States of America, United States of America (B-Grid), Offshore. | November 10th-11th, 2025 |
Recommended actions
No action is required. Your email flow will continue uninterrupted. However, if you experience any email deliverability issues, please raise a case with Support.
Comments
Please sign in to leave a comment.