Mailing List CGatePro@mail.stalker.com Message #106408
From: Nicolas Hatier <nicolas.hatier@niversoft.com>
Subject: Re: SMTP and TLS 1.2
Date: Fri, 12 May 2017 18:40:59 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

This is for the oldest accepted protocol when accepting a connection from the outside.

When CGP initiates an SMTP connection to a smart host, it uses TLS 1.0 by default as Ralf Zenklusen explained.

Using the --SMTPOutgoingTLSVersion 3 startup option worked perfectly.

Nicolas Hatier, ing. <nicolas.hatier@niversoft.com>
Niversoft idées logicielles - http://www.niversoft.com



On 2017-05-12 03:38, Brian Turnbow wrote:
Hi,

Communigate has tls 1.2 from 6.1 ,  so if the server is up to date you 
should be ok.
You can set the “oldest accepted” to tls 1.2  in the general  → other  to 
force tls 1.2.
Be aware that this may break connections to other mail server that are not 
configured to support 1.2...
As it is a global setting.

Brian


From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On 
Behalf Of Nicolas Hatier
Sent: giovedì 11 maggio 2017 18:59
To: CommuniGate Pro Discussions
Subject: SMTP and TLS 1.2


Hello.

Can CGP send using TLS 1.2 when forwarding mail to a smarthost? (SMTP / 
Sending , Forward to...)

My client's ISP tells me TLS 1.2 is enabled on their server and they are 
going to retire 1.0 within a few months.
Send Encrypted (at the bottom of the same page) is configured properly.

However, in the logs, the TLS version used always seems to be 1.0:

12:32:03.191 2 TLS-000006 created(TLSv1.0,ECDHE_AES256_SHA) -> [x.x.x.x]:587 
for SMTP-000007
12:32:03.277 4 SMTP-000007(*) TLS-000006 secure(ECDHE_AES256_SHA) connection 
opened

I don't know enough about TLS to be sure whether or not the issue is on CGP 
side or on the ISP side.

Thanks.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster