Mailing List CGatePro@mail.stalker.com Message #106805
From: Jeff Wark jwark@tbaytel.net <CGatePro@mail.stalker.com>
Subject: Re: Correcting TLS error
Date: Fri, 13 Apr 2018 08:50:58 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
>Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).

That was the problem we had with that setting as well.  "CBC Ciphers for old TLS" is something I stared at for years without every thinking about it and I was under the impression it was to relax security.  When we put that setting in and did an SSL Server Test (https://www.ssllabs.com/ssltest), it made it so one of the TLS version had acceptable Ciphers instead of 3 that were considered dangerous.

If it was named "Used improved CBC Ciphers for old TLS", we would have implemented it years ago.

-Jeff


On 4/13/2018 8:43 AM, Tom Rymes trymes@rymes.com wrote:
Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster