Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Perfect Forward Secuity - Enable ECDH
  •  
juergen852

Messages: 120
Karma: 3
Send a private message to this user
We are running Kerio Connect on a Ubuntu 10.04 server.
I would like to enable perfect forward security.

Article with more information: http://heise.de/-1932806

When I check for perfect forward security with "openssl s_client -cipher 'ECDH:DH' -connect login.live.com:443", I get the following response
....
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA



When running it against my machine i get

CONNECTED(00000003)
140334437996192:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:724:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 227 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

so my machine does not support ECHD.

Does anybody know how to activate ECHD for Kerio on Ubuntu ?




After more research: ECHD does not even seem to be installed on the machine.
root@kerio-ubuntu:~# openssl ciphers
DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES -CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE -RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:RC 4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SH A:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DS S-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD 5:EXP-RC4-MD5:EXP-RC4-MD5

Does Kerio only work with the chiphers installed on the Server ?
Anybody an idea how to install it on Ubuntu 10.04?

Greets
Juergen

[Updated on: Wed, 21 August 2013 00:40]

Previous Topic: Seeking CRM for Kerio with Outlook for Mac
Next Topic: [SOLVED] Updated from 8.0.2 to 8.1.2 - all shared calendars gone in iCal
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 04:25:52 CEST 2017

Total time taken to generate the page: 0.00410 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.