Procedure

1. Go to Administration → IMSVA Configuration → Transport Layer Security.
   The Transport Layer Security screen appears with the Messages Entering IMSVA tab displayed by default.
2. Click the Messages Exiting IMSVA tab.
   The Messages Exiting IMSVA screen appears.
3. Click Add under Domain List.
   The Add TLS Domain screen appears.

   Note By default, the Enable check box is selected. If you clear this check box, the TLS settings you specify in the following steps do not take effect.

4. Specify the domain of target recipients in the Domain field.
5. Select one of the following from the Security level drop-down list:
   • Never: IMSVA does not use TLS for the specified domain.
   • Opportunistic: IMSVA declares support for TLS for the specified domain. The server can choose whether to start a TLS connection.
   • Must: IMSVA requires TLS for communication for the specified domain. Communication between IMSVA and the server is encrypted.
   • Verify: IMSVA requires the server to start a TLS connection for the specified domain and send its certificate to IMSVA for server identification.
6. If any option other than Never was selected from the Security level drop-down list, select one of the following from the Cipher grade drop-down list:
   • Medium: Communication between IMSVA and clients uses "medium" and "strong" encryption cipher suites.
     For details about these cipher suites, see Supported Protocols and Cipher Suites.
   • Strong: Communication between IMSVA and clients uses "strong" encryption cipher suites.
     For details about these cipher suites, see Supported Protocols and Cipher Suites.
7. Click OK.

   Note If several TLS domains point to the same destination server specified in message delivery settings but their security levels are different, the highest level overrides other levels.