0

So I use Hardenize (https://www.hardenize.com/report/voltcloud.net/1601680765#email_tls) for my security stuff, and it gives my email a yellow sign because of this:

"Even though this server supports TLS 1.2, the cipher suite configuration is suboptimal. We recommend that you reconfigure the server so that the cipher suites providing forward secrecy (ECDHE or DHE in the name, in this order of preference) and authenticated encryption (GCM or CHACHA20 in the name) are at the top. The server must also be configured to select the best available suite."

There is also a yellow X on my "Server suite preference" I use iRedMail installed on my system because it was an "All in One" solution, and I don't know much about Linux or Ubuntu. Anyways, is there a way I could set this up? I tried asking on their forum, but they didn't explain this warning, just some code I put in my config that solved one issue but didn't solve the other. It uses Postfix and Dovecot, but I'm sure this warning is related to Postfix and not Dovecot. I could be wrong, though.

Thanks for any help, oh and I'm using Ubuntu 20.04.

Ize_Cubz
  • 3
  • 1
  • Its a fixed list. There will not be new cipher suite extensions for older TLS versions, so you can [just configure a list](https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1d&guideline=5.6). And no, you do not have to configure server suite preference.. neither choice is strictly better, both have issues. – anx Nov 05 '20 at 21:35

1 Answers1

1

You tested Postfix, so read this documentation: http://www.postfix.org/FORWARD_SECRECY_README.html

Marc Stürmer
  • 1,904
  • 13
  • 15