Thursday, April 30, 2015

HOWTO: check RC4 MD5/SHA support for SMTP over TLS

To recap  this previous thread, a sure way to test for support for RC4 and w/SMTP TLS  connections for mail.

You need to specify the RC4 ciphers in your offerings to the mail-server and see if you get connected.

I just found out today that google is accepting  RC4 MD5/SHA for mail;

Also other common mail systems support it also;

It's a mistake to assume the global system config with ; set strong-crypto disable  will block RC4 TLS connections. This command only blocks  RC4 for webGui access.

The my fortimail host  ( with and without strong-crypto enabled ) has nothing todo with SMTP and TLS connections.

The Enabling of FIPS mode operation is a sure way to disable and weak ciphers.

Ken Felix
Freelance Network/Security Engineer
kfelix  -----a----t---- socpuppets ---dot---com

    ^    ^
=( #  # )=
      /   \

No comments:

Post a Comment