Hi Guys,
We ran a vulnerability scan against our ProxMox Mail Gateway (5.0-61) and it came back with several issues all relating to TLS. Summary of the issues below:
1. TLS 1.0 supported, which is insecure
2. TLS 1.1 supported, which is insecure
3. SSL Anonymous ciphers supported
After some digging, turns out these issues can be addressed by modifying main.cf by adding something like the following:
smtpd_tls_protocols = TLSv1.2,!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_ciphers = high
The...
Read more
We ran a vulnerability scan against our ProxMox Mail Gateway (5.0-61) and it came back with several issues all relating to TLS. Summary of the issues below:
1. TLS 1.0 supported, which is insecure
2. TLS 1.1 supported, which is insecure
3. SSL Anonymous ciphers supported
After some digging, turns out these issues can be addressed by modifying main.cf by adding something like the following:
smtpd_tls_protocols = TLSv1.2,!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_ciphers = high
The...
Read more