Scan to e-mail TSL ver. 1.2

**bsm2** · 01-07-2021, 09:19 PM

Re: Scan to e-mail TSL ver. 1.2

A firmware update may be available but maybe not. You should have them contact Ricoh Support an ask or maybe a Ricoh tech on this site can answer.

**BillyCarpenter** · 01-07-2021, 09:27 PM

Re: Scan to e-mail TSL ver. 1.2

Originally posted by thurmmy

One of my customers has 3 older MFPs, a Ricoh MP6500, a Savin 9250 and a Savin MP 2550. Their IT called me up and said Microsoft did some changes and no longer supports the SSl versions. She is trying to install/set up TSL version 1.2 and is unable to. Do these older models not support this or what? I am not familiar with this stuff at all. Any insights into this?

It's highly likely that this older Ricoh doesn't support TLS v1.2. TLS v.1.1 has basically been phased out. Unless Ricoh has a firmware upgrade that addresses v.1.2, you're probably out of luck.

**slimslob** · 01-07-2021, 10:15 PM

Re: Scan to e-mail TSL ver. 1.2

There is a possibility that "Site Certificate" needed for SSL has expired. You can export a certificate from your browser to a folder on you computer and then use WIM to import it to the MFP.

The certificate that I have used in the past is the Google Internet Authority.
To import the certificate to your MFP:

Open WIM
Click [Login] and login as Administrator.
Click on the [Configuration] link.
Under the [Security Section], click on [Site Certificate].
Click on the [Browse] button and navigate to the location where the certificate resides.
Click on the import button. Once completed, the certificate will appear under Imported Site Certificates. Click [OK], then close Web image Monitor.

**rthonpm** · 01-08-2021, 04:36 PM

Re: Scan to e-mail TSL ver. 1.2

Those models are all too old to support TLS 1.2, and still support the ancient 'export grade' ciphers. The main option you'll have left is some kind of onsite SMTP relay that adds the necessary encryption. Our preferred method has always been Stunnel. It runs on Windows or Linux as a service and wraps the unsecured email from the MFP into a TLS connection to the M365 mail servers.

Credentials are saved on the MFP, point the SMTP server setting to the device running Stunnel and configure the settings for SMTP as follows for Microsoft 365:

[SMTP]
Protocol = smtp
Accept = 25
Connect = smtp.office365.com:587
CApath = /etc/ssl/certs

The last setting is for Linux servers.

Customer IT can set it up pretty easy.

Sent from my BlackBerry using Tapatalk

**Dark Helmet** · 01-08-2021, 05:54 PM

Re: Scan to e-mail TSL ver. 1.2

On the Sharps we were able to scan to office 365 by putting carrots < > around the reply address. No idea if it works on a ricoh

<noreply@office.com>

You did not touch the authentication login name however.

**marvin-vegan** · 01-11-2021, 09:17 AM

Re: Scan to e-mail TSL ver. 1.2

Hi,
first of all, Office365 now requires TLS protocol rather than SLL. It runs on different ports (587 instead of 465).
Secondly, it does require TLS 1.2 as previous comment. So older models are not quite supported and the vendor do not plan to update models older than 7 years. 10 years old models are completely out of scope (concerning the support of new drivers/firmwares).
Good help to find if the model support generally SMTP over SSL is to look at the user tools - system settings - file transfer - smtp server - and use secure connection = if that option is missing, you cannot use OFFICE365 services.

On new models is also a problem. Some office accounts need 3rd authentications - these accounts cannot be use for SMTP auth.

**t3hscrubz** · 01-26-2021, 07:02 PM

Re: Scan to e-mail TSL ver. 1.2

Howdy

Recently I have thought this same exact thing. But then I worked with a customer, and in the process of doing so;

1. We installed a 'device' certificate;

HTML Code:

https://www.youtube.com/watch?v=gHgArYK8wEI

2. Then, make sure under security settings TLS 1.2 is enabled

3. Enter in the remainder of the SMTP AUTH info, and test.

Tested on MP 4002 and MP C4502, thank you.

**thurmmy** · 01-26-2021, 07:18 PM

Re: Scan to e-mail TSL ver. 1.2

Thanks for the response. My customers IT dept. did not want to do anything manually to resolve or attempt to resolve. So what are you gonna do? I may lose this account but how can you help when they don't want to do anything.

**slimslob** · 01-26-2021, 09:41 PM

Re: Scan to e-mail TSL ver. 1.2

Originally posted by thurmmy

Thanks for the response. My customers IT dept. did not want to do anything manually to resolve or attempt to resolve. So what are you gonna do? I may lose this account but how can you help when they don't want to do anything.

Due to the age of those models the customer's IT isn't going to have much say in the matter. Either they do what is needed or the customer is going to have to purchase more modern equipment that supports StartTLS. The best solution is to follow the instructions put out by Microsoft. How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Docs Option 2 or Option 3 do not require StartTLS.

**satins** · 02-17-2021, 11:52 AM

Re: Scan to e-mail TSL ver. 1.2

Stunnel shall be the best option in this case, if your customer does not want to invest in the new equipment.
Its easy and it works great!

Scan to e-mail TSL ver. 1.2

Scan to e-mail TSL ver. 1.2

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment