search cancel

Messaging Gateway: The option to 'Disable SSLv3 in all SMTP conversations' does not prevent RC4 ciphers from being used

book

Article ID: 163180

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

In order to pass a security audit, RC4 ciphers need to be completely disabled. Checking the option 'Disable SSLv3 in all SMTP conversations' does not stop the SMG advertising RC4 ciphers for SMTP TLS communications.

Cause

This is currently by design to allow older clients and servers to continue to work with the Messaging Gateway.

Resolution

If RC4 ciphers need to completely disabled, the command-line function to enable FIPS mode needs to be used. Complete instructions on how to do this are detailed here:

https://support.symantec.com/en_US/article.HOWTO77710.html