Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » SSL ciphers
  •  
AnotherJJ

Messages: 2
Karma: 0
Send a private message to this user
Good day,

I'm in the midst of migrating from a different platform to KC 8.4.1 on CentOS 6.6

I've been investigating the SSL/HTTPS side of things and notice that the server's preferred cipher is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, which is pretty good.

However, the DH exchange is being carried out at 1024 bits. Can this be changed?
  •  
AnotherJJ

Messages: 2
Karma: 0
Send a private message to this user
Good day, any chance I could get a reply to this?
  •  
Brian (GFI/Kerio)

Messages: 761
Karma: 75
Send a private message to this user
Do you mean that your certificate was signed using 1024 bits? If you create a new certificate using Kerio Connect it will use 2048 bit encryption. More information is available here: http://kb.kerio.com/1132

Brian Carmichael
Instructional Content Architect
  •  
Lukas Petrlik (Kerio)

Messages: 117
Karma: 7
Send a private message to this user
Unfortunately, this cannot be changed in the current Connect version. But if you set "AllowEphemeralDH" to 0 in mailserver.cfg, the key exchange will use the RSA key from your certificate wherein the key may be longer.

We know that it is not optimal and we have already prepared some changes in SSL/TLS that will allow your Connect servers to obtain an "A" grade from SSL testing tools with the default SSL settings. Smile
Previous Topic: URI
Next Topic: Text change iPhone 6 to Outlook?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 15:14:30 CEST 2017

Total time taken to generate the page: 0.00423 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.