1

Topic: Non-compliant with NIST, HIPAA and PCI DSS

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:


Hi,
How can I disable some ciphers for port 25?

My cert is bought.

https://www.htbridge.com/websec

Results:



2

Re: Non-compliant with NIST, HIPAA and PCI DSS

*) If you're running Apache as web server, update its "SSLCipherSuite" parameter.
*) If you're running Nginx, update its "ssl_ciphers" parameter.

You can try to use "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" as their value, restart Apache/Nginx and try testing again.
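
Before restarting the web server, it helps to see what the cipher string quoted above actually expands to on the local OpenSSL build. The script below is an added example, not part of the original posts or of iRedMail; the function names and the list of weak-name markers are assumptions made for illustration.

```python
import ssl

# Cipher string quoted in the reply above.
SUGGESTED = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Assumed markers: substrings of OpenSSL suite names for primitives to keep disabled.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH")


def expand(cipher_string):
    """Return the suites the local OpenSSL build enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """Sort the enabled suite names into findings a reviewer would check."""
    findings = {"weak": [], "no_forward_secrecy": [], "non_aead": []}
    for suite in expand(cipher_string):
        name = suite["name"]
        if any(marker in name for marker in WEAK_MARKERS):
            findings["weak"].append(name)
        # TLS 1.3 suites (TLS_*) always use ephemeral key exchange.
        if not name.startswith(("ECDHE-", "DHE-", "TLS_")):
            findings["no_forward_secrecy"].append(name)
        # "aead" is reported by OpenSSL 1.1.0 and later.
        if not suite.get("aead", False):
            findings["non_aead"].append(name)
    return findings


if __name__ == "__main__":
    result = audit(SUGGESTED)
    print(len(expand(SUGGESTED)), "suites enabled on", ssl.OPENSSL_VERSION)
    for category, names in result.items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

The `non_aead` list shows which non-AEAD (CBC-mode) suites the `AES256+EECDH` and `AES256+EDH` terms still admit on your build.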