2
SmarterMail and POODLE?
Question asked by Michael Marquardt - October 22, 2014 at 12:12 PM
Unanswered
Will disabling the SSL 3.0 protocol affect client's access to the IMAP-SSL, POP3-SSL and SMTP-SSL ports?
 
Thanks!

3 Replies

Reply to Thread
0
Bruce Barnes Replied
October 23, 2014 at 7:57 AM
Here are a couple of articles which might help you both understand, and resolve, the POODLE SSL v3 vulnerability:
 
The second item includes information on enabling a couple of other minor security protocols.
 
Note that all of these fixes will break the ability of Windows XP machines to connect via SSL.
 
To allay fears about this issue being SmarterTools specific, this affects ALL OPERATING systems and certificates.  These windows solutions are provided because SmarterTools products require the Windows operating system and IIS to run under SSL..
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Michael Marquardt Replied
November 5, 2014 at 9:54 AM
Yeah we have TLS enabled.  Some of our users still use the SSL ports though (SMTP 465, POP3 995, and IMAP4 993).  I guess I just need to know if disabling SSL 3.0 entirely will cause these protocols to quit functioning (or, more accurately, how many support calls I'm going to get WHEN we disable SSL 3.0 entirely)
0
Bruce Barnes Replied
November 5, 2014 at 10:00 AM
You must disable SSL 3.0 to complete the process.
 
FYI, as of 1 December, 2014, Microsoft will be disabling all SSL 3.0 support on IIS and all Microsoft products, hosted and otherwise.
 
Here's a TechNet link on the process of disabling ithttps://www.digicert.com/ssl-support/iis-disabling-ssl-v3.htm
 
You can also see the appropriate KB on my portal, download the associate TXT file, rename it as a REG file and import into the registry to clean it all up, enable new protocols on Server 2003, Server 2008, and Server 2012.
 
 
Remember to REBOOT your server to allow the new registry settings to take effect.
 
Once you've done that, then test your new settings here:  https://www.ssllabs.com/ssltest/index.html
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread