Friday, August 14, 2015

Fortimail disable SSLv3

Here's a means to  validate that SSLv3 is disable in a fortimail.  You can use openssl or your web-browser or a SSLv3 checker.

e.g

https://foundeo.com/products/iis-weak-ssl-ciphers/

 Here's a proper disable sslv3 and sslv2  (  Fortimail Appliance )



 And a at risk site ( a apache website of mine for testing )


So ensure your fortimail appliance does not except sslv3 connections. In fact all of your website should be secured from sslv3 & sslv2 connections.

To disable sslv3 support;


confg sys gobal
    set strong-crypto enable
end

And you can test via the above link or via openssl;




SSLv3 is now known to have flaws and you should stay aware of the Vulnerabilities and any listed CVEs

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \

No comments:

Post a Comment