
When SSLv3 option is disabled, Symantec Messaging Gateway (SMG) fails to negotiate cipher suites with MTAs that support SSLv3 cipher suites only


Article ID: 162761


Products

Messaging Gateway

Issue/Introduction

When SSLv3 is disabled via Protocols -> Settings -> SSL Restrictions -> Disable support for SSLv3 and earlier protocols in all SMTP TLS conversations, Symantec Messaging Gateway (SMG) 10.6.0-3 and SMG 10.6.0-5 fail to negotiate cipher suites in TLS sessions with MTAs that only support the SSLv3/TLSv1.0 protocols.

Resolution

Symantec has addressed this issue in version 10.6.0-7.

To work around the issue in versions 10.6.0-3 and 10.6.0-5, consider one of these temporary options:

  • Enable the SSLv3 protocol by unchecking Protocols -> Settings -> SSL Restrictions -> Disable support for SSLv3 and earlier protocols in all SMTP TLS conversations. This allows SMG to negotiate encrypted connections using a much larger cipher suite list and will likely resolve all TLS communication issues.
  • Disable SMTP over TLS conversation on SMG
  • Downgrade to software version 10.5.4

If the receiving MTAs are local, enabling TLS 1.2 on the local servers should also be considered.

For Microsoft Exchange servers, see the following information:

Microsoft Exchange 2013:
https://support.microsoft.com/en-us/kb/3045301

Microsoft Exchange 2010:
https://support.microsoft.com/en-us/kb/3029667
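
To find which local receiving MTAs still need TLS 1.2 enabled, the following added example (not Symantec code) attempts an SMTP STARTTLS handshake pinned to one protocol version at a time and classifies the result. The function names and verdict strings are illustrative; host names are passed on the command line. SSLv3 is not probed, and a client OpenSSL policy that refuses TLS 1.0/1.1 will report those versions as unavailable regardless of the server.

```python
import smtplib
import ssl

# Versions probed; SSLv3 is omitted because current OpenSSL builds cannot offer it.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def pinned_context(version):
    """Client context that can negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # probing protocol support only,
    ctx.verify_mode = ssl.CERT_NONE  # not validating the certificate
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, version, port=25, timeout=10):
    """Return True if the MTA completes STARTTLS at the given version."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            smtp.starttls(context=pinned_context(version))
            return True
    except (smtplib.SMTPException, ssl.SSLError, OSError):
        # No STARTTLS offered, handshake rejected, or connection failure.
        return False

def classify(results):
    """Map {version name: bool} to a verdict for the issue in this article."""
    if results.get("TLSv1.2"):
        return "ok: TLS 1.2 available"
    if any(results.values()):
        return "at risk: legacy protocols only, enable TLS 1.2"
    return "no TLS handshake succeeded"

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        results = {name: probe(host, v) for name, v in VERSIONS.items()}
        print(host, results, classify(results))
```

A host reported as "at risk" is one that SMG 10.6.0-3 or 10.6.0-5 may fail to negotiate with while the SSLv3 restriction is enabled.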