SSLv2 to TLS 1.2

Hi Ryan,

SSH to UTM and follow the step:

Navigate to /var/chroot-smtp/etc/

Open the exim.conf with vi: vi exim.conf

Change(or add if missing) the line openssl_options to: openssl_options = +no_sslv3
at the end of the section #TLS

Note: Make sure that the values for tls_require_ciphers looks as follows before you save your changes:
RC4+RSA:HIGH:!MD5:!ADH:!SSLv2

Save your changes and close the editor: :wq

Now restart the smtpd service by executing /var/mdw/scripts/smtp restart

Thanks

Thats for he smtp service not the remote-access VPN settings.

Hi,

This cannot be changed. Open VPN will communicate on the parameter as in the attached screenshot.

Thanks

I found some interesting lines in the log.

 Line 1: DEPRECATED OPTION: --tls-remote, please update your configuration

Line 3: library versions: OpenSSL 1.0.1p

Is this something updated by Sophos through up2date and nothing can be changed manually by an administrator?

I found some interesting lines in the log.

 Line 1: DEPRECATED OPTION: --tls-remote, please update your configuration

Line 3: library versions: OpenSSL 1.0.1p

Is this something updated by Sophos through up2date and nothing can be changed manually by an administrator?

Ryan, I'd be interested in knowing if adding tls-version-min 1.2 or-highest to both client and server config files would work. If you have a paid subscription, I wouldn't do that though.  If that doesn't work, it could be because the Sophos client is an older version, so you may need to download the new client from OpenVPN.  Let us know!

Cheers - Bob

From the log file....OpenVPN 2.3.8 and  OpenSSL 1.0.1p. Current OpenVPN version is 2.6 and this version does not appear to allow a custom config file.

Looking at the man page it does appear that I must change the server config file to force TLS with a matching setting on the client.