TLSv1.2

New features and ideas to improve MailCleaner

Moderators: FlorianB, mentor, Pascal, bourgeois

deltacomc
Posts: 10
Joined: Wed May 07, 2014 2:07 pm
How did you hear about Mailcleaner: googling

TLSv1.2

Postby deltacomc » Fri Nov 14, 2014 9:34 pm

Any upgrades planned concerning getting state-of-the-art tls support?
del
Posts: 496
Joined: Mon Mar 11, 2013 7:42 am
How did you hear about Mailcleaner: google
Location: Germany

Re: TLSv1.2

Postby del » Sat Nov 15, 2014 9:58 am

MailCleaner is based on Debian Squeeze which do not support openssl 1.0.x yet.
I think we have to wait for a new distribution.
Julien
Posts: 31
Joined: Mon Jul 14, 2014 8:43 am
How did you hear about Mailcleaner: job

Re: TLSv1.2

Postby Julien » Wed Nov 19, 2014 2:50 pm

Hi,

We have recompiled openssl in the enterprise version to use TLS 1.2 on web interface.
This version is now in testing mode. Once stable, it will be available for comunity edition.

About the debian version, we planned to use Jessie (8) as soon as it is stable.
We will begin MailCleaner test on this version when it will enter in release candidate strate.

Julien.
deltacomc
Posts: 10
Joined: Wed May 07, 2014 2:07 pm
How did you hear about Mailcleaner: googling

Re: TLSv1.2

Postby deltacomc » Wed Nov 19, 2014 6:53 pm

*cheers*

Great news, so thanks for your response.
deltacomc
Posts: 10
Joined: Wed May 07, 2014 2:07 pm
How did you hear about Mailcleaner: googling

Re: TLSv1.2

Postby deltacomc » Fri Jan 23, 2015 8:23 pm

Any updates so far?

SSL-Encryption for web is after some tweaks acceptable,

ssllabs.com.png
ssllabs.com.png (16.46 KiB) Viewed 5370 times


but what about tls-secured transmission?

2015-01-22 10:59:59 1YEEYR-0002Qs-Mb DKIM: d=xx.xx s=key2 c=relaxed/relaxed a=rsa-sha1 i=xx@xx.xx [verification succeeded]
2015-01-22 10:59:59 1YEEYR-0002Qs-Mb <= xx@xx.xx H=xx [xx.xx.xx.xx] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=28728 id=0.1.7D.44B.1D0362A2E3A8B48.0@xx.xx.xx
2015-01-22 11:00:00 1YEEYR-0002Qs-Mb => xx@xx.xx R=filter_forward T=local_smtp S=29309 H=127.0.0.1 [127.0.0.1] C="250 OK id=1YEEYS-0002Qw-0C
rmillerd
Posts: 1
Joined: Wed Jun 03, 2015 9:49 pm
How did you hear about Mailcleaner: Googling

Re: TLSv1.2

Postby rmillerd » Mon Aug 31, 2015 7:34 pm

*BUMP* I second this request. Our PCI ASV is giving us a hard time because they see TLS1.0 enabled on 25. We need to enable 1.2 and disable 1.0 before June 30th 2016.

To get the Ciphers up to par I had to update the exim_stage1.conf_template with

tls_require_ciphers = HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!SSLv2
ssanfordph
Posts: 15
Joined: Thu Apr 25, 2013 2:09 pm
How did you hear about Mailcleaner: google

Re: TLSv1.2

Postby ssanfordph » Mon Dec 14, 2015 5:17 pm

Do you have a timeline for a patch? We're also under scrutiny from our PCI ASV for having this enabled.
opg1987
Posts: 36
Joined: Thu Dec 17, 2015 12:14 pm
How did you hear about Mailcleaner: Colleague

Re: TLSv1.2

Postby opg1987 » Tue Nov 08, 2016 12:14 pm

Has anyone had any luck with this?

I am still only offering TLSv1 and would like to change this to TLSv1.2

Image

To get the Ciphers up to par I had to update the exim_stage1.conf_template with

tls_require_ciphers = HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!SSLv2

With that cipher config, what cipher is most commonly used?

Thanks.

Return to “Features request”

Who is online

Users browsing this forum: No registered users and 2 guests