Hi Michael, Been a while since I've put my 2ยข in and this mostly for the benefit of Ken, Chris, and the other hosting guys. In having to answer to the overlords at FINRA, NCUA, PCI, etc. I routinely harden Exchange servers using tools from our friends at Qualys and SSL Labs for private companies. When I decided to lock down the server I use to host Exchange for several smaller companies to get that A+ it broke every version of Outlook prior to 2013 including the Mac clients. I ended up having to enable AES_128 SHA256 in TLS 1.1 in order to make 2010 version work again and SHA 128 in TLS 1.0 to make 2007 work (but, even this will still get you an A). I know all of this doesn't translate into the world of BX but bottom line is that while hardening web servers you're still going to have users who need to get mail securely (well semi-securely) using old and in some cases ancient devices and clients. Just gotta be careful how many you run over in the process of locking things down.
Lew Berry, MCSE, MCT, CSSA LCB Consulting Inc. -----Original Message----- From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of Michael Stauber Sent: Wednesday, March 14, 2018 3:49 AM To: blueonyx@mail.blueonyx.it Subject: [BlueOnyx:21849] Re: https://www.ssllabs.com/ssltest/analyze.html actual only B rating for blueonyx Server with ssl Hi Dirk, > This are the CipherSuits which are actually active at the 5209R Servers: > > SSLCipherSuite > HIGH:!LOW:!MEDIUM:!DH:!ADH:!EXP:!SSLv2:!SSLv3:!aNULL:!eNULL:!NULL:!EXPORT:!ADH:!IDEA:!ECDSA:!3DES:!DES:!MD5:!PSK:!RC4:!SHA: > > -> unfortunately no PFS > Are this the SSLCipherSuite you set in the Scripts for adding SSL Support to > a site or is this not the actual value? I think these might indeed be the problem. I'll publish an update that introduces a more sensible SSLCipherSuite to fix this issue on 5209R. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
