Mailing List CGatePro@mail.stalker.com Message #106742
From: Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch <CGatePro@mail.stalker.com>
Subject: AW: Why does a freshly installed CentOS 7.4 / CommuniGate Pro 6.2.1 server only gets a Qualys SSL B grade ?
Date: Wed, 31 Jan 2018 08:25:27 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.52.54.12/1.54.12.21
It should work - in these cases plain. Unless the other server is configured to use SSL only with weak ciphers only - which would be a terrific configuration.

We see more crypt connection problems during the last months, even though "weak ciphers" is enabled.
So the real reason to revert automatically to plain if crypt doesn't work (if new setting allows it for the target) is not to eliminate the "Weak ciphers", but to get a connection at all without having to add these server to the excempt (use plain) list manually.

I also don't see a possibility to disable "weak ciphers" for smtp for quite some time.
That's why separate SSL/TLS settings for smtp vs https would be great.

Regards
Ralf


r.zenklusen@barinformatik.ch
-----Ursprüngliche Nachricht-----
Von: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com]
Gesendet: Mittwoch, 31. Januar 2018 00:27
An: CommuniGate Pro Discussions
Betreff: Re: Why does a freshly installed CentOS 7.4 / CommuniGate Pro 6.2.1 server only gets a Qualys SSL B grade ?

It doesn't work. Many older mail servers will simply not engage mail transfer with you. In our scenario, in the hotel and tourism industry, it would be suicide to not allow weak transfers, included non-encrypted transactions.


On 30/01/2018 8:33 PM, Palvelin Postmaster postmaster@palvelin.fi wrote:
>
>> On 30 Jan 2018, at 12:16, Ralf Zenklusen, BAR Informatik AG r.zenklusen@barinformatik.ch <CGatePro@mail.stalker.com> wrote:
>>
>> But it gets now urgent that the “Send Encrypted” settings is automated.
>> That means that CGate (if configured to do so) will use “plain stmp” if “encrypted” will not work.
>> Obviously that would most probably mean that you could disable the “use weak ciphers” and get a better SSL rating.
> I didn’t know of this change. Has anyone tried to disable it and see how that works in the real world?
>
>
> --
> Palvelin.fi Hostmaster
> postmaster@palvelin.fi
>
>
> #############################################################
> This message is sent to you because you are subscribed to
>    the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com> To switch
> to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to
> <CGatePro-index@mail.stalker.com> Send administrative queries to  
> <CGatePro-request@mail.stalker.com>

--
Shaun
Fitzroy Island <http://www.fitzroyisland.com> Cairns, QLD Destination Darwin NT <http://www.destinationnt.com> Darwin, NT MOM Backpackers <http://www.momdarwin.com> Darwin, NT Value Inn Hotel <http://www.valueinn.com.au> Darwin, NT Crocosaurus Cove <http://www.croccove.com> Darwin, NT Please do not send any unsolicited email. It is not wanted.


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>



Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster