Page 1 of 1

TLSv1.2

Posted: Fri Nov 14, 2014 9:34 pm
by deltacomc
Any upgrades planned concerning getting state-of-the-art tls support?

Re: TLSv1.2

Posted: Sat Nov 15, 2014 9:58 am
by del
MailCleaner is based on Debian Squeeze which do not support openssl 1.0.x yet.
I think we have to wait for a new distribution.

Re: TLSv1.2

Posted: Wed Nov 19, 2014 2:50 pm
by Julien
Hi,

We have recompiled openssl in the enterprise version to use TLS 1.2 on web interface.
This version is now in testing mode. Once stable, it will be available for comunity edition.

About the debian version, we planned to use Jessie (8) as soon as it is stable.
We will begin MailCleaner test on this version when it will enter in release candidate strate.

Julien.

Re: TLSv1.2

Posted: Wed Nov 19, 2014 6:53 pm
by deltacomc
*cheers*

Great news, so thanks for your response.

Re: TLSv1.2

Posted: Fri Jan 23, 2015 8:23 pm
by deltacomc
Any updates so far?

SSL-Encryption for web is after some tweaks acceptable,

ssllabs.com.png
ssllabs.com.png (16.46 KiB) Viewed 5857 times


but what about tls-secured transmission?

2015-01-22 10:59:59 1YEEYR-0002Qs-Mb DKIM: d=xx.xx s=key2 c=relaxed/relaxed a=rsa-sha1 i=xx@xx.xx [verification succeeded]
2015-01-22 10:59:59 1YEEYR-0002Qs-Mb <= xx@xx.xx H=xx [xx.xx.xx.xx] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=28728 id=0.1.7D.44B.1D0362A2E3A8B48.0@xx.xx.xx
2015-01-22 11:00:00 1YEEYR-0002Qs-Mb => xx@xx.xx R=filter_forward T=local_smtp S=29309 H=127.0.0.1 [127.0.0.1] C="250 OK id=1YEEYS-0002Qw-0C

Re: TLSv1.2

Posted: Mon Aug 31, 2015 7:34 pm
by rmillerd
*BUMP* I second this request. Our PCI ASV is giving us a hard time because they see TLS1.0 enabled on 25. We need to enable 1.2 and disable 1.0 before June 30th 2016.

To get the Ciphers up to par I had to update the exim_stage1.conf_template with

tls_require_ciphers = HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!SSLv2

Re: TLSv1.2

Posted: Mon Dec 14, 2015 5:17 pm
by ssanfordph
Do you have a timeline for a patch? We're also under scrutiny from our PCI ASV for having this enabled.

Re: TLSv1.2

Posted: Tue Nov 08, 2016 12:14 pm
by opg1987
Has anyone had any luck with this?

I am still only offering TLSv1 and would like to change this to TLSv1.2

Image

To get the Ciphers up to par I had to update the exim_stage1.conf_template with

tls_require_ciphers = HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!SSLv2

With that cipher config, what cipher is most commonly used?

Thanks.