07-18-2019 08:18 AM
Refer the below SSL Config. setting (sample)
sslconfig settings:
GUI HTTPS method: tlsv1/tlsv1.2
GUI HTTPS ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Inbound SMTP method: tlsv1/tlsv1.2
Inbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Outbound SMTP method: tlsv1/tlsv1.2
Outbound SMTP ciphers:
MEDIUM
HIGH
-SSLv2
-aNULL
!RC4
@STRENGTH
-EXPORT
Queries:
-aNULL
!RC4
@STRENGTH
-EXPORT
Solved! Go to Solution.
07-22-2019 07:19 AM
07-18-2019 09:03 AM
The list of ciphers is documented here:
https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
You're using the list in HIGH, and MEDIUM, with the SSLv2, RC4, aNULL removed, sorted by the "strength" (bit length) and then EXPORT set removed.
The "-" says remove this cipher set.
The "!" says remove this cipher set and don't let something re-add down the line....
So if someone wrote a string like this:
TLS1:-aNULL:TLS1.2
you would get the TLS_RSA_WITH_NULL_SHA256 in the final list of possible ciphers.
With a !aNULL, you wouldn't.
07-22-2019 06:31 AM
07-22-2019 07:19 AM
07-18-2019 09:06 AM
If you go to the ESA command line, Enter "sslconfig" then "verify", and paste in your string, it will print out the ciphers that it will use.
If you need to check a specific email conversation, the mail tracking log will show you what got negotiated for that specific email.
07-22-2019 06:28 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: