Friday, August 14, 2015

Fortimail disable SSLv3

Here's a means to  validate that SSLv3 is disable in a fortimail.  You can use openssl or your web-browser or a SSLv3 checker.


 Here's a proper disable sslv3 and sslv2  (  Fortimail Appliance )

 And a at risk site ( a apache website of mine for testing )

So ensure your fortimail appliance does not except sslv3 connections. In fact all of your website should be secured from sslv3 & sslv2 connections.

To disable sslv3 support;

confg sys gobal
    set strong-crypto enable

And you can test via the above link or via openssl;

SSLv3 is now known to have flaws and you should stay aware of the Vulnerabilities and any listed CVEs

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
      /  \

No comments:

Post a Comment