Mailing List CGatePro@mail.stalker.com Message #106807
From: Thomas Bleek bl@gfz-potsdam.de <CGatePro@mail.stalker.com>
Subject: Re: Disabling RSA
Date: Fri, 13 Apr 2018 15:34:14 +0200
To: Discussions Pro CommuniGate <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.3445.6.18)
6.1.20 will solve this, I have tested the beta on a test machine.
tb


Am 13.04.2018 um 15:14 schrieb Jeff Wark jwark@tbaytel.net <CGatePro@mail.stalker.com>:


In response to the "Correcting TLS error" thread, I just attempted another SSL test using the site mentioned and our server is now vulnerable to the "Bleichenbacher's Oracle Threat" which appears to be fairly bad.

Is there a way to disable the RSA encryption on the CommuniGate server?
-Jeff

On 4/13/2018 8:50 AM, Jeff Wark jwark@tbaytel.net wrote:
>Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).

That was the problem we had with that setting as well.  "CBC Ciphers for old TLS" is something I stared at for years without every thinking about it and I was under the impression it was to relax security.  When we put that setting in and did an SSL Server Test (https://www.ssllabs.com/ssltest), it made it so one of the TLS version had acceptable Ciphers instead of 3 that were considered dangerous.

If it was named "Used improved CBC Ciphers for old TLS", we would have implemented it years ago.

-Jeff


On 4/13/2018 8:43 AM, Tom Rymes trymes@rymes.com wrote:
Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>



#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

--
Dr. Thomas Bleek, Netzwerkadministrator
Helmholtz-Zentrum Potsdam
Deutsches GeoForschungsZentrum
Telegrafenberg A20/225
D-14473 Potsdam
Tel.: +49 331 288- 1818/1681 Fax.: 1730 Mobil: +49 172 1543233
E-Mail: bl@gfz-potsdam.de

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster