Outbound FOPE Opportunistic TLS has much more relaxed requirements than that of Forced TLS policies.

Outbound Opportunistic TLS allows the following:

  • TLS to self-signed certificates
  • TLS to certificates that chain up to roots that are not trusted by the FOPE service
  • There is no CRL checking for revocation of certificates