Serra

  • Total activity 181
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 3
  • Subscriptions 42

Comments

Recent activity by Serra Recent activity Votes
    1. Community
    2. Security
    3. I need to disable TLS v1.0

    I got a warning from Trustwave today about ports 465, 2083 and 2087. Updated cipher requirements for exim to: tls_require_ciphers HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5:!aDH:!DH:!RC4-MD5:!RC4-SHA Upd...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    They finally realized this was completely impossible and unrealistic. The date has been extended to June 2018. pcisecuritystandards.org/pdfs/15_12_18_SSL_Webinar_Press_Release_FINAL_%28002%29.pdf

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    Yea that is the downside. I had another one that was safer for legacy clients but once TLS 1.0 resulted in a PCI failure I had to scrap it. Hope my suggestion works for anyone in the same boat. :) ...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    TLS/SSL Protocols !SSLv2:!SSLv3:!TLSv1 That was really the first configuration we tested. Works perfect, passes all of the Trustwave tests and gets an A+ for Qualsys SSL Labs. Of course the ...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    There has been zero movement on this since we started this thread about the issue. I suspect that Microsoft will have to come up with a solution OR the compliance date will need to be moved. I've...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    Here is an alternative approach, if your primary goal is just to get through the scan temporarily, while better solutions are developed That is a good work around. Right now, we only have to 'pas...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    Same here. Just waiting for the stuff to hit the fan and this become an issue for people. Email is still an issue for me, I've remained compliant by getting an exception. However, Trustwave now ...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    Scott, Serra shared a mitigation plan earlier, hope this helps: I used the same document for two companies now, so I believe it is good.

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    Thanks for the post. Have you tested any email clients against that dovecot configuration? The "-TLSv1" will break ALL versions of Outlook. I tested with 2007 and 2013 and both were broken. The...

    1. Community
    2. Security
    3. I need to disable TLS v1.0

    I was able to pass with a mitigation document for the email ports with TLSv1 on with these settings: Dovecot SSLCipherSuite: HIGH:!aNULL:!eNULL:!PSK:!RC4:!MD5 Protocols: !SSLv2 !SSLv3 !TLSv1 Exim...