Dear hispeed.ch
I am experiencing delays in mail forwarding.
According to Verisign delays are likely due to invalid TLS Cipher Suites at hispeed.ch
Can you please review the list provided below and comment?
Thanks, Tim
P.S. Is there a way I can post question like this directly to tech support?
Seems odd having to post this to a forum! Especially for a paid service!
============================================
Lindsay S (2/18/2022, 4:56:58 PM): Thank you for contacting Verisign Support, how may I help you?
Me (2/18/2022, 4:57:03 PM): hi there
Me (2/18/2022, 4:57:16 PM): i have since many years a domain registered with register.com
Me (2/18/2022, 4:57:19 PM): xxx.xxxxxx.name
Me (2/18/2022, 4:57:35 PM): i use it to create an "alias" for mail
Me (2/18/2022, 4:57:46 PM): when someone write to xxx@xxxxxx.name
Me (2/18/2022, 4:58:04 PM): it forwards to my "real" mail which is xxx.xxxxxx@hispeed.ch
Me (2/18/2022, 4:58:16 PM): (or what ever ISP i am using at the moment)
Me (2/18/2022, 4:58:26 PM): this roundtrip used to take seconds
Me (2/18/2022, 4:58:33 PM): nowadays it takes 10-15 minutes
Me (2/18/2022, 4:58:40 PM): rendering the service partially useless
Me (2/18/2022, 4:58:55 PM): i spoke with the colleagues at register.com, but they have no idea
Me (2/18/2022, 4:59:13 PM): i do not have the impression they even understand the nature of the .name gTLD
Me (2/18/2022, 4:59:34 PM): does this sound familiar? and do you have any ideas how to resolve?
Lindsay S (2/18/2022, 5:00:25 PM): Please hold while I check our logs for that email.
Me (2/18/2022, 5:01:15 PM): thanks. it looks like you guys run the infrastructure for .name (?)
Me (2/18/2022, 5:02:07 PM): Pref Hostname IP Address TTL
10 mx01.nic.name 209.131.159.47 VeriSign Infrastructure & Operations (AS30060) 180 min
10 mx02.nic.name 209.131.158.56 VeriSign Infrastructure & Operations (AS30060) 180 min
10 mx03.nic.name 209.131.161.54 VeriSign Infrastructure & Operations (AS11840) 180 min
10 mx04.nic.name 209.131.160.34 VeriSign Infrastructure & Operations (AS11840) 180 min
Lindsay S (2/18/2022, 5:02:16 PM): Based on review of our logs, it appears that our email forwarders are not able to successfully negotiate a valid TLS session with your mail providers' mailservers, resulting in the delay. You may want to consider reaching out to your mail provider to have them review their configuration. Provided below is the list of supported TLS v1.2 and v1.3 cipher suites which could be helpful for your mail provider in troubleshooting your issue.
TLSv1.2:
ciphers:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLSv1.3:
ciphers:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256
Lindsay S (2/18/2022, 5:03:35 PM): This is an issue with the TLS cipher suites. Please reach out to your mail provider to review the configuration with the above list of supported TLS cipher suites.