Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 7648 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can you disable TLS Encryption for all hosts instead of just a few?

Chris Shipley

The TLS SSL encryption isn't operating too well.  I've found 2 hosts I have to skip in opportunistic TLS.  How can I either a) turn opportunistic TLS off in MTA Mode, or b) add an "Any" host into the Skip TLS encryption list?  I can't add 0.0.0.0/0 as a host in Hosts and Services - and unlike in UTM9, the XG doesn't have predefined hosts for Internet IPv4 or Internet IPv6.

I can't spend my time digging through email logs wondering what host the opportunistic TLS is going to crash on next.



This thread was automatically locked due to age.
Parents
  • +1

    Hi Chris,

    even if i do not recommend this it can be done this way:

    Yours Lukas

  • 0 in reply to lna

    Ina, thanks for the clarification.  However the netmask on that nearly any definition only defines 2 IPs. 0.0.0.0 and 0.0.0.1 - is that going to do the trick, like is that the way I need to input since it covers 0.0.0.0, and thus it will then be the 0.0.0.0/0 I'm looking for, even if the subnet is /31?

    You're right, I'd much rather not have to do this as well.  Opportunistic TLS is awesome.  And when I use it in UTM9, it's great.  In XG Firewall, not so much.  I'm trying to get a bug I found with it defined in where if there are multiple recipients in a message, and the TLS encryption engine encounters an error, it freezes the message and only delivers to some (or no) recipients. 

Reply
  • 0 in reply to lna

    Ina, thanks for the clarification.  However the netmask on that nearly any definition only defines 2 IPs. 0.0.0.0 and 0.0.0.1 - is that going to do the trick, like is that the way I need to input since it covers 0.0.0.0, and thus it will then be the 0.0.0.0/0 I'm looking for, even if the subnet is /31?

    You're right, I'd much rather not have to do this as well.  Opportunistic TLS is awesome.  And when I use it in UTM9, it's great.  In XG Firewall, not so much.  I'm trying to get a bug I found with it defined in where if there are multiple recipients in a message, and the TLS encryption engine encounters an error, it freezes the message and only delivers to some (or no) recipients. 

Children