To eliminate TLS 1.1. on IceWarp you should know about the following variables:
C_System_Adv_Ext_SSLServerMethod
0 - Default (currently the same as 4; but will be increased in future according to the actual security trends)
1 - Deprecated (the same as 3)
2 - Deprecated (the same as 3)
3 - Support SSL3 and newer (SSL3;TLS1;TLS1.1;TLS1.2)
4 - Support TLS1 and newer (TLS1;TLS1.1;TLS1.2)
5 - Support TLS1.1 and newer (TLS1.1;TLS1.2)
6 - Support TLS1.2 and newer (TLS1.2) - same as 5 on Linux RHEL5 and RHEL6)
7 - Same as 6 but TLS1.3 will be disabled (required for client renegotiation for HTTP service and - require client certificate)
C_System_Adv_Ext_SSLClientMethod
0 - Default (currently the same as 4; but will be increased in future according to the actual security trends)
1 - Deprecated (the same as 3)
2 - Deprecated (the same as 3)
3 - Support SSL3 and newer (SSL3;TLS1;TLS1.1;TLS1.2) (Client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1;TLSv1.2 and permits a fallback to SSLv3)
4 - Support TLS1 and newer (TLS1;TLS1.1.TLS1.2) (Client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1; TLSv1.2)
5 - Support TLS1.1 and newer (TLS1.1;TLS1.2) (Client will send out TLSv1.1 client hello message including extensions and will indicate that it also understands TLSv1.2)
6 - Support TLS1.2 and newer (Client will send out TLSv1.2 client hello message) - same as 5)
7 - Same as 6 but TLS1.3 will be disabled
Comments
0 comments
Article is closed for comments.