This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS 1.2 support for SMTP mail filter

We have set up Sophos XG to route incoming emails to our Office 365 tenant (which is working perfectly) however we are failing our security audit as the protocols supported by the mail filter are TLSv1.1 and TLSv1.2 using weak ciphers (see below).

Is there a way (in the GUI or CLI) to disable TLSv1.1 and give TLSv1.2 stronger ciphers (along with perfect forward secrecy support)?

This thread was automatically locked due to age.

Parents

0 Tom Maguire over 6 years ago

UPDATE:

So upgrading the Sophos XG to firmware v17.5.3 (MR3) gives us more ciphers for TLSv1.2 - but there is still no PFS (perfect forward secrecy) support.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Tom Maguire over 6 years ago

UPDATE:

So upgrading the Sophos XG to firmware v17.5.3 (MR3) gives us more ciphers for TLSv1.2 - but there is still no PFS (perfect forward secrecy) support.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data