You can improve the TLS security of your SMTP service by customizing the behavior of the encryption mode.
This feature is available in Artica v4.50 Service Pack 1 or Artica v4.50 Hotfix 20240124-15
- Inside the TLS/SSL mode, click on the “Minimum TLS cipher grade” link
¶ Minimum TLS cipher grade
By default the Minimum TLS cipher grade is set to medium.
The medium level use 128-bit or longer symmetric bulk-encryption keys.
This is the default minimum strength for mandatory TLS encryption
You can also change to
- High: Enable only "HIGH" grade OpenSSL ciphers.
- Low: Enable "LOW" grade or stronger OpenSSL ciphers. This cipher grade is always identical to "medium".
Recent versions of OpenSSL do not support any "LOW" grade ciphers.
¶ List of ciphers or cipher types to exclude field
Default value is : EXP, MEDIUM, LOW, DES, 3DES, SSLv2
You can add an additional list of ciphers or cipher types to be excluded from the SMTP server's list of ciphers at mandatory TLS security levels inside the “List of ciphers or cipher types to exclude” field
It is a simple list separated by whitespace and/or commas.
The elements are a single cipher, or one or more "+" separated cipher properties, in which case only ciphers matching all the properties are excluded.
Examples:
aNULL( disables anonymous ciphers)MD5, DES( disables ciphers that use the MD5 digest algorithm or the (single) DES encryption algorithm)DES+MD5( disables ciphers that use MD5 and DES together )AES256-SHA, DES-CBC3-MD5( disables the two ciphers "AES256-SHA" and "DES-CBC3-MD5" )kEDH+aRSA( disables ciphers that use "EDH" key exchange with RSA authentication )
¶
Ciphers field
Underlying cipherlist can be specified via the Ciphers configuration parameter, which you are strongly encouraged not to change
example: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
Or
EECDH+AESGCM:EDH+AESGCM