Variables to support TLS

IceWarp Server currently supports TLS 1.2 and higher.

Should you need to use an older version, follow the steps below.

Please note that it is not recommended to downgrade TLS to version 1.1 or older due to security concerns.

sslservermethod = receive
sslclientmethod = send

To set these variables open the Console > File > API Console and enter one at a time in the Filter field.

C_System_Adv_Ext_SSLServerMethod
0 - Default (currently the same as 6; but will be increased in future according to the actual security trends)
1 - Deprecated (the same as 3)
2 - Deprecated (the same as 3)
3 - Support SSL3 and newer (SSL3;TLS1;TLS1.1;TLS1.2)
4 - Support TLS1 and newer (TLS1;TLS1.1;TLS1.2)
5 - Support TLS1.1 and newer (TLS1.1;TLS1.2)
6 - Support TLS1.2 and newer (TLS1.2) - same as 5 on Linux RHEL5 and RHEL6)
7 - Same as 6, but TLS1.3 will be disabled (required for client renegotiation for HTTP service and - require client certificate)

C_System_Adv_Ext_SSLClientMethod
0 - Default (currently the same as 6; but will be increased in future according to the actual security trends)
1 - Deprecated (the same as 3)
2 - Deprecated (the same as 3)
3 - Support SSL3 and newer (SSL3;TLS1;TLS1.1;TLS1.2) (Client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1;TLSv1.2 and permits a fallback to SSLv3)
4 - Support TLS1 and newer (TLS1;TLS1.1.TLS1.2) (Client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1; TLSv1.2)
5 - Support TLS1.1 and newer (TLS1.1;TLS1.2) (Client will send out TLSv1.1 client hello message including extensions and will indicate that it also understands TLSv1.2)
6 - Support TLS1.2 and newer (Client will send out TLSv1.2 client hello message) - same as 5)
7 - Same as 6, but TLS1.3 will be disabled