This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cipher order and Key exchange parameters

Wesley van den Brink over 2 years ago

Hello,

When we do a test on www.internet.nl/.../*ourdomain* we are getting the following errors back:

Key exchange parameters:

At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange.

DH-2048 insufficient

And the following:

Cipher order:

At least one of your mailservers does not enforce its own cipher preference ('I').

our domain : none

We are using Sophos UTM 9 version 9.707-5

How can we fix the errors on test?

This thread was automatically locked due to age.

Top Replies

BAlfson over 2 years ago in reply to Wesley van den Brink +1

Ahhh, I didn't read closely enough. I guess your TLS certificate is the problem. You can generate a new one with a 4096-bit key to replace the one you're currently using. Better luck with that, Wesley…

0 BAlfson over 2 years ago in reply to Wesley van den Brink

OK, Wesley, my last guess. What happens if you temporarily put "Any" in ' Require TLS Negotiation Hosts/Nets'? If that doesn't do it, it's time to open a case with Sophos Support.

Thanks for the link to www.internet.nl/mail/{domain} - great tool!

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Wesley van den Brink over 2 years ago in reply to BAlfson

Hi Bob,

This was the first thing we tried ;)

Any4 and Any6 are listed.
Cancel
Vote Up 0 Vote Down

Cancel
0 Wesley van den Brink over 2 years ago in reply to BAlfson

How can i open a support ticket?

When i try to make a ticket i get the following message:

https://3.id.sophos.com/token_proxy

Registration Request - Action Required

Thank you for your registration request. Unfortunately, we are not able to process your request at this time without further information. Please contact the team to help get this resolved. In the meantime you can still access many of our self-service resources like the Sophos Community, product documentation, knowledge base, and Sophos Techvids.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 2 years ago in reply to Wesley van den Brink

Hoi Wesley,

Since you're in Europe, if you don't have Premium Support, I think your reseller has to open a ticket for you. I'm in North America and that's not the case here.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel