Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

Security Update Required: Disabling Weak Ciphers / Security

Last post 05-08-2019, 20:18 by Tim W Young. 0 replies.
Sort Posts: Previous Next
  •  05-08-2019, 20:18

    Security Update Required: Disabling Weak Ciphers / Security

    I'm running Mercury 4.80.

    ScanMyServer.com is reporting the following items with Mercury.  I have weak authenticators disabled unless SSL-secured, but is there a way to go a step further and address these?

    Thanks 

     

    Sweet32 Birthday Attacks on 64-bit Block Ciphers in TLS and OpenVPN (DES-CBC3)
    SummaryThis test detects SSL ciphers DES-CBC3 supported by the remote service for encrypting communications.

    Weak Cipher DES-CBC3 found: (Cipher: DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1) (Cipher: DES-CBC3-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    Portimaps (993/tcp)SolutionSee solution found at: https://www.openssl.org/blog/blog/2016/08/24/sweet32/External sourceshttps://sweet32.info/CVECVE-2016-2183Test ID19146

    SSL Medium Strength Cipher Suites Supported
    SummaryThe remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Here is the only medium strength SSL cipher supported by the remote server:
    * Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    * SSLv3 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 
    * TLSv1 - DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 
    The fields above are:
    * {OpenSSL ciphername}
    * Kx={key exchange}
    * Au={authentication}
    * Enc={symmetric encryption method}
    * Mac={message authentication code}
    * {export flag}
    Portimaps (993/tcp)SolutionReconfigure the affected application if possible to avoid use of medium strength ciphers.External sourceshttp://support.microsoft.com/kb/245030Test ID12076
    Deprecated SSL Protocol Usage
    SummaryThe remote service accepts connections encrypted using SSLv2 and/or SSLv3, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

    SSLv3
    Portimaps (993/tcp)SolutionConsult the application's documentation to disable SSL 2.0 and SSL 3.0, and use TLS 1.0 or newer.External sourceshttp://www.schneier.com/paper-ssl.pdfTest ID9329

     

View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page