PFS (Perfect Forward Secrecy) for SMTP still not active

It should be in since 9.207, just not manually configurable.

From the feature request site:  

In 9.207, the SMTP relay will prefer to use a DHE family algorithm, which does support PFS. This is not directionally dependent, so this will equally support PFS for inbound and outbound connections.

9.207 release notes:  https://blogs.sophos.com/2014/10/01/utm-up2date-9-207-released/

I think it's not working see other post.
https://community.sophos.com/products/unified-threat-management/astaroorg/f/56/t/49944

Yep, looks like it was broken recently.  If you have a paid license, please open up a ticket with support.  That's the only way to get it fixed.

I have submitted two cases about this with no resolution. The most-recent one was on January 8, 2016 and my most recent communication with Support concerning this was on 2 February.

Cheers - Bob

Hi Bob,

any updates on this?
3 Months later and on version 9.402 its still not working (just have checked it)!
Web Server protection does PFS, it cant be so difficult to copy the cipher config over to SMTP, isnt it?

Hello,

any update?? It would be so important that this works without any failure!!

Thanks Sophos for any workaround.

Best regards

Now it works!

Thanks!

Hey! Great news!

However for me it still doesnt work.
I have tested with: https://ssl-tools.net/mailservers

Which version of UTM are you on?

Hey Edmund ,

version 9.403-4 is running.

Don't forget to refresh ssl tools test.

Best regards

Hip Hip Hooray!

This also works on 9.355.

Cheers - Bob