Products: IMail Server Plus, IMail Server Premium, IMail Server

OpenSSL Switch from RC4 cipher to CBC cipher


Information

 
Description
My PCI compliance security scan said that I need to stop using the RC4 ciphers with SSL/TLS.  They suggested that I use the CBC ciphers.  How do I change them?
Solution
The RC4 ciphers are considered to be weak and easily broken.  These steps will show you how to disable them in IMail.
 
  1. Get and install the latest OpenSSL DLLs from http://ipswitchmsg.force.com/kb/articles/FAQ/OpenSSL-Vulnerability-Fixes?retURL=%2Fkb%2Fapex%2FknowledgeHome&popup=false if your version of IMail does not already contain them.
  2. Go to https://mozilla.github.io/server-side-tls/ssl-config-generator/.
    • You will see two sets of radio buttons.
    • Select Apache for the first set and Intermediate for the second.
    • In the box below look for SSLCipherSuite.
    • Copy only the long string that follows it.
  3. Open regedit and make a backup of HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Ipswitch\IMail\ssl if you're on a 64-bit OS, or HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\ssl if you're on a 32-bit OS.
  4. Under the ssl key, create a new REG_SZ value named CipherStrings. Set its data to the string you copied in step 2.
  5. Restart your SMTP, Queue Manager, POP, and IMAP services.
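
Steps 3 and 4 can also be scripted. The following PowerShell is an added example, not Ipswitch's own tooling; it assumes PowerShell 3.0 or later in an elevated session, the cipher string is a placeholder you replace with the one copied in step 2, and the backup location under %TEMP% is an arbitrary choice. It refuses to write a string that explicitly enables RC4.

```powershell
# Added example: steps 3 and 4 as a script. Run from an elevated prompt.
# ASSUMPTION: placeholder below; paste the SSLCipherSuite string from step 2.
$CipherString = '<PASTE-STRING-FROM-STEP-2>'
if ($CipherString -like '<*') { throw 'Set $CipherString to the string copied in step 2.' }

# Sanity check: refuse a string that explicitly enables RC4.
# Tokens starting with "!" or "-" remove ciphers, so those are fine.
$tokens  = $CipherString -split '[:, ]+' | Where-Object { $_ }
$enabled = @($tokens | Where-Object { $_ -match 'RC4' -and $_ -notmatch '^[!-]' })
if ($enabled.Count -gt 0) {
    throw "Cipher string still enables RC4: $($enabled -join ', ')"
}
if ($tokens -notcontains '!RC4') {
    Write-Warning 'No "!RC4" token found; an alias such as ALL can still include RC4.'
}

# Step 3: choose the key by OS bitness and back it up.
$subKey = if ([Environment]::Is64BitOperatingSystem) {
    'SOFTWARE\Wow6432Node\Ipswitch\IMail\ssl'
} else {
    'SOFTWARE\Ipswitch\IMail\ssl'
}
$backup = Join-Path $env:TEMP ("imail-ssl-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export "HKLM\$subKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of HKLM\$subKey failed; nothing was changed." }

# Step 4: create (or overwrite) the REG_SZ value CipherStrings.
New-ItemProperty -Path "HKLM:\$subKey" -Name 'CipherStrings' `
    -PropertyType String -Value $CipherString -Force | Out-Null

# Read the value back to confirm what the services will load after step 5.
$written = (Get-ItemProperty -Path "HKLM:\$subKey" -Name 'CipherStrings').CipherStrings
if ($written -ne $CipherString) { throw 'CipherStrings does not match the intended value.' }
Write-Output "Backup: $backup"
Write-Output "CipherStrings set on HKLM\$subKey"
```

The script does not restart anything; step 5 still has to be carried out before the new cipher list takes effect.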

To remove the RC4 ciphers in IIS, see this kb article.
Version: 11.5; 12.0; 12.1; 12.2; 12.3; 12.4; 12.5; 12.5.1; 12.5.2; 12.5.3; 12.5.4