Pegasus Mail & Mercury


Security Update Required: Disabling Weak Ciphers / Security

Last post 06-19-2019, 18:19 by Tim W Young. 4 replies.
  •  05-08-2019, 20:18

    Security Update Required: Disabling Weak Ciphers / Security

    I'm running Mercury 4.80.

    ScanMyServer.com is reporting the following items with Mercury.  I have weak authenticators disabled unless SSL-secured, but is there a way to go a step further and address these?

    Thanks 

     

    Sweet32 Birthday Attacks on 64-bit Block Ciphers in TLS and OpenVPN (DES-CBC3)
    Summary: This test detects SSL ciphers DES-CBC3 supported by the remote service for encrypting communications.

    Weak Cipher DES-CBC3 found: (Cipher: DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1) (Cipher: DES-CBC3-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    Port: imaps (993/tcp)
    Solution: See solution found at: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
    External sources: https://sweet32.info/
    CVE: CVE-2016-2183
    Test ID: 19146

    SSL Medium Strength Cipher Suites Supported
    Summary: The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Here is the only medium strength SSL cipher supported by the remote server:
    * Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    * SSLv3 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 
    * TLSv1 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 
    The fields above are:
    * {OpenSSL ciphername}
    * Kx={key exchange}
    * Au={authentication}
    * Enc={symmetric encryption method}
    * Mac={message authentication code}
    * {export flag}
    Port: imaps (993/tcp)
    Solution: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
    External sources: http://support.microsoft.com/kb/245030
    Test ID: 12076

    Deprecated SSL Protocol Usage
    Summary: The remote service accepts connections encrypted using SSLv2 and/or SSLv3, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

    SSLv3
    Port: imaps (993/tcp)
    Solution: Consult the application's documentation to disable SSL 2.0 and SSL 3.0, and use TLS 1.0 or newer.
    External sources: http://www.schneier.com/paper-ssl.pdf
    Test ID: 9329
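
The three findings in the report above apply different tests to the same cipher lines: protocol version, cipher block size, and key length. The following is an added example, not part of the original post or the scanner's own code: it parses both cipher-line layouts the report uses and applies those three criteria. The sample report is constructed, the function and label names are hypothetical, and the 64-bit-block list goes beyond the DES/3DES ciphers the report names.

```python
import re

# Constructed sample in the two layouts used by the scan report above,
# plus one strong cipher line for contrast.
SAMPLE_REPORT = """\
Weak Cipher DES-CBC3 found: (Cipher: DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1) (Cipher: DES-CBC3-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1)
* SSLv3 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
* TLSv1 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
* TLSv1.2 - AES256-GCM-SHA384 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
"""

PROTO = r"(?P<proto>(?:SSL|TLS)v[\d.]+)"
ENC = r"Enc=(?P<alg>[^\s(|]+)\((?P<bits>\d+)\)"
# Layout 1: (Cipher: name|proto|Kx=..|Au=..|Enc=alg(bits)|Mac=..)
PIPE = re.compile(r"Cipher:\s*(?P<name>[^|\s]+)\|" + PROTO
                  + r"\|Kx=[^|]+\|Au=[^|]+\|" + ENC + r"\|Mac=\w+")
# Layout 2: proto - name Kx=.. Au=.. Enc=alg(bits) Mac=..
DASH = re.compile(PROTO + r"\s+-\s+(?P<name>\S+)\s+Kx=\S+\s+Au=\S+\s+"
                  + ENC + r"\s+Mac=\w+")

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3"}          # "Deprecated SSL Protocol Usage"
BLOCK64_CIPHERS = {"DES", "3DES", "IDEA", "RC2"}   # 64-bit block size (Sweet32)

def parse_report(text):
    """Return one dict per cipher line found, in either layout."""
    entries = []
    for pattern in (PIPE, DASH):
        for m in pattern.finditer(text):
            entry = m.groupdict()
            entry["bits"] = int(entry["bits"])
            entries.append(entry)
    return entries

def findings(entry):
    """Apply the report's three criteria to one parsed cipher entry."""
    out = []
    if entry["proto"] in DEPRECATED_PROTOCOLS:
        out.append("deprecated-protocol")
    if entry["alg"] in BLOCK64_CIPHERS:
        out.append("sweet32-64bit-block")
    if 56 <= entry["bits"] < 112:      # the report's "medium strength" range
        out.append("medium-strength-key")
    return out

def triage(text):
    return {(e["proto"], e["name"]): findings(e) for e in parse_report(text)}

if __name__ == "__main__":
    for key, tags in triage(SAMPLE_REPORT).items():
        print(key, tags or ["ok"])
```

3DES at 168 bits falls outside the medium-strength key range and is flagged only for its block size, and the TLSv1 entries stay flagged after SSLv3 is disabled, so the protocol fix alone does not clear the cipher findings.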

     

  •  06-14-2019, 15:33

    FJR

    Re: Security Update Required: Disabling Weak Ciphers / Security

    In the configuration of the IMAP Server, on the SSL tab, you have enabled (deprecated) direct-connect-SSL on port 993. Disable it after changing the mail client(s) to TLS / StartTLS on port 143. That should at least resolve problem 3.

    The others I don't know ...

    bye    Olaf

     

  •  06-14-2019, 18:42

    Sellerie

    Re: Security Update Required: Disabling Weak Ciphers / Security

    Do you really need IMAP access from the world? If not, then I suggest using a VPN, or ask http://community.pmail.com/members/Rolf+Lindby.aspx for a link to the new beta version. Or you could use stunnel once again...
  •  06-19-2019, 18:18

    Re: Security Update Required: Disabling Weak Ciphers / Security

    Thanks!
  •  06-19-2019, 18:19

    Re: Security Update Required: Disabling Weak Ciphers / Security

    Unfortunately I do.  I've requested access to the beta.  Thanks!