
Accepting TLS connections that use ECDHE cipher suites - InterScan Messaging Security Virtual Appliance (IMSVA)

    • Updated: 17 Feb 2021
    • Product/Version: InterScan Messaging Security Virtual Appliance All
    • Platform: N/A
Summary

When an MTA server tries to connect to InterScan Messaging Security Virtual Appliance (IMSVA) using an ECDHE cipher suite, the connection can fail. ECDHE cipher suites use elliptic curve cryptography (ECC). As a result, some messages are rejected by IMSVA.

This article explains how to configure IMSVA to accept TLS connections that use ECDHE cipher suites.

Details

Checking if IMSVA already accepts an ECDHE cipher suite

  1. Log in to IMSVA command-line interface as root.
  2. Execute the command below:
    # openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher ECDHE-RSA-AES256-GCM-SHA384

  3. Look for the following lines, which mean that "ECDHE-RSA-AES256-GCM-SHA384" is not supported:
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported

Configuring IMSVA to support ECDHE ciphers

  1. Log in to IMSVA command-line interface as root.
  2. Execute the command below:
    # postconf -e "smtpd_tls_eecdh_grade=strong"
  3. Reload the Postfix configuration:
    # postfix reload
  4. Run the following command to verify that the ECDHE cipher is now accepted:
    # openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25 -cipher ECDHE-RSA-AES256-GCM-SHA384
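
The before/after check in the steps above can be scripted so the result does not depend on reading the handshake output by eye. This is an added example, not part of the original article: the function names are hypothetical and the two sample outputs are constructed, abbreviated `openssl s_client` transcripts.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output for one cipher suite.
CIPHER="ECDHE-RSA-AES256-GCM-SHA384"   # suite tested in the article

# negotiated_cipher: read s_client output on stdin and print the cipher
# that was negotiated, or "NONE" if the handshake did not complete.
negotiated_cipher() {
    awk '
        /^New, / && /Cipher is / {
            sub(/^.*Cipher is /, "")   # keep only the cipher name
            gsub(/[()\r]/, "")         # "(NONE)" -> "NONE", drop stray CR
            print; found = 1; exit
        }
        END { if (!found) print "NONE" }
    '
}

# accepts_cipher: succeed only if stdin shows that suite $1 was negotiated.
accepts_cipher() {
    [ "$(negotiated_cipher)" = "$1" ]
}

# probe: run the article's command (default target: local SMTP listener).
probe() {
    openssl s_client -starttls smtp -crlf -connect "${1:-127.0.0.1:25}" \
        -cipher "$CIPHER" </dev/null 2>/dev/null
}

# Constructed sample outputs (abbreviated), before and after the change.
SAMPLE_REJECTED='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported'
SAMPLE_ACCEPTED='CONNECTED(00000003)
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported'

# Live check, only when invoked as: sh check.sh probe [host:port]
if [ "${1:-}" = "probe" ]; then
    echo "smtpd_tls_eecdh_grade = $(postconf -h smtpd_tls_eecdh_grade)"
    if probe "${2:-}" | accepts_cipher "$CIPHER"; then
        echo "OK: $CIPHER accepted"
    else
        echo "FAIL: $CIPHER not negotiated"; exit 1
    fi
fi
```

Run without arguments, the script only defines the functions; run with `probe` on the appliance, it exits non-zero when the suite is still rejected, which makes it usable as a post-change check.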

Category:
Configure
Solution Id:
000285593