Mailing List CGatePro@mail.stalker.com Message #106733
From: Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch <CGatePro@mail.stalker.com>
Subject: AW: Why does a freshly installed CentOS 7.4 / CommuniGate Pro 6.2.1 server only gets a Qualys SSL B grade ?
Date: Tue, 30 Jan 2018 11:16:41 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.52.54.12/1.54.12.21

Well,

there’re still many mail servers around that use old/weak crypts.
You’ll get problems to deliver to these servers if you disable old/weak (Settings->General->Other).

There’re a few startup settings that influence SSL/TLS.

You may try and report other SSL deficits to support.

 

 

I would wish that SMTP und HTTP (and others) SSL/TLS settings would be separate.

That way at least the HTTPS would be up to date regarding security.

 

 

But it gets now urgent that the “Send Encrypted” settings is automated.

That means that CGate (if configured to do so) will use “plain stmp” if “encrypted” will not work.

Obviously that would most probably mean that you could disable the “use weak ciphers” and get a better SSL rating.

 

 

Regards

Ralf

 

 

 

 

Von: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
Gesendet: Dienstag, 30. Januar 2018 10:47
An: CommuniGate Pro Discussions
Betreff: Why does a freshly installed CentOS 7.4 / CommuniGate Pro 6.2.1 server only gets a Qualys SSL B grade ?

 

Greetings,

Why does a freshly installed CentOS 7.4 / CommuniGate Pro 6.2.1 server only gets a B grade with the Qualys SSL checker (see attached screenshot) ?

[root@mail ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@mail ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK 3gnt.net CommuniGate Pro POP3 Server 6.2.1 ready <421.1515639465@3gnt.net>

The server uses a valid Let's Encrypt certificate, and if use an Apache server as a reverse proxy, I get an A grade, which makes me think it's something with the CommuniGate Pro SSL implementation. However, I feel using Apache as a reverse proxy makes no sense, since CommuniGate Pro has an embedded Web server.

How do i fix/workaround the problems reported by the Qualys SSL checker ?

Regards,

--
Sérgio Araújo
Sócio-gerente | Director Técnico

3GNTW | IT - Infraestruturas Tecnológicas

sergio@3gnt.net | +351 252 377 120

Administração de Sistemas | Alojamento Web | Alta Disponibilidade | Cloud | Consultoria | Datacenter | Domínios | Internet | Lojas Online | Messaging | Mobilidade | Newsletters | Redes | Segurança | Telefonia IP | Virtualização | VoIP | Websites

Visite-nos, em www.3gnt.net!
Siga-nos no Facebook, Google+, LinkedIn, Twitter e YouTube.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster