Thursday, April 30, 2015

HOWTO: check RC4 MD5/SHA support for SMTP over TLS

To recap  this previous thread, a sure way to test for support for RC4 and w/SMTP TLS  connections for mail.

http://socpuppet.blogspot.com.es/2013/02/testing-for-tls-support-wwwsmtp-with.html

You need to specify the RC4 ciphers in your offerings to the mail-server and see if you get connected.

I just found out today that google is accepting  RC4 MD5/SHA for mail;


Also other common mail systems support it also;


It's a mistake to assume the global system config with ; set strong-crypto disable  will block RC4 TLS connections. This command only blocks  RC4 for webGui access.

The my fortimail host  ( with and without strong-crypto enabled ) has nothing todo with SMTP and TLS connections.


The Enabling of FIPS mode operation is a sure way to disable and weak ciphers.


Ken Felix
Freelance Network/Security Engineer
kfelix  -----a----t---- socpuppets ---dot---com

    ^    ^
=( #  # )=
      @
      /   \


No comments:

Post a Comment