Accepting TLS connection that uses ECDHE cipher suites - Interscan Messaging Security Virtual Appliance (IMSVA)

Product / Version includes:

Interscan Messaging Security Virtual ApplianceAll

Last updated: 2023/08/10

Solution ID: KA-0011507

Category: Configure

Summary

When an MTA server tries to connect to InterScan Messaging Security Virtual Appliance (IMSVA), an issue with ECDHE cipher occurs. ECDHE cipher suites use elliptic curve cryptography (ECC). This causes some messages to be rejected by IMSVA.

This article explains how to configure IMSVA to accept TLS connection that uses ECDHE cipher suites.

Checking if IMSVA already accepts ECDHE cipher suite

Execute the command below:

# openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher ECDHE-RSA-AES256-GCM-SHA384

^{Click the image to enlarge.}

Look for the following lines, which means that "ECDHE-RSA-AES256-GCM-SHA384" is not supported.
```
New, (NONE), Cipher is (NONE)
Secure Renegotioation is NOT supported
```

Configuring IMSVA to support ECDHE ciphers

Execute the command below:

# postconf -e "smtpd_tls_eecdh_grade=strong"

Reload the Postfix configuration:
```
# postfix reload
```
Run the following command to verify if ECDHE cipher is already accepted.
```
# openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher ECDHE-RSA-AES256-GCM-SHA384
```
^{Click the image to enlarge.}

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Accepting TLS connection that uses ECDHE cipher suites - Interscan Messaging Security Virtual Appliance (IMSVA)

Checking if IMSVA already accepts ECDHE cipher suite

Configuring IMSVA to support ECDHE ciphers

Accepting TLS connection that uses ECDHE cipher suites - Interscan Messaging Security Virtual Appliance (IMSVA)

Product / Version includes:

Summary

Checking if IMSVA already accepts ECDHE cipher suite

Configuring IMSVA to support ECDHE ciphers