Hello,
When we do a test on www.internet.nl/.../*ourdomain* we are getting the following errors back:
Key exchange parameters:
At least one of your mail servers supports insufficiently secure parameters for Diffie-Hellman key exchange.
DH-2048 insufficient
And the following:
Cipher order:
At least one of your mailservers does not enforce its own cipher preference ('I').
our domain : none
We are using Sophos UTM 9 version 9.707-5
How can we fix the errors on test?
Ahhh, I didn't read closely enough. I guess your TLS certificate is the problem. You can generate a new one with a 4096-bit key to replace the one you're currently using. Better luck with that…
OK, Wesley, my last guess. What happens if you temporarily put "Any" in ' Require TLS Negotiation Hosts/Nets'? If that doesn't do it, it's time to open a case with Sophos Support.
Thanks for the link to www.internet.nl/mail/{domain} - great tool!
Cheers - Bob
Hi Bob,
This was the first thing we tried ;)
Any4 and Any6 are listed.
How can i open a support ticket?
When i try to make a ticket i get the following message:
https://3.id.sophos.com/token_proxy
Hoi Wesley,
Since you're in Europe, if you don't have Premium Support, I think your reseller has to open a ticket for you. I'm in North America and that's not the case here.