Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » Trustwave MailMarshal (SEG) » HOWTO: Configuring SSL Options for "unsafe legacy...

HOWTO: Configuring SSL Options for "unsafe legacy renegotiation"

Show/Hide Article Tools

This article applies to:

MailMarshal 10.1 and above
Advanced SSL options for Sender TLS
Allowing "Unsafe Legacy Renegotiation" for TLS

Question:

How do I allow "unsafe legacy renegotiation" for Sender TLS?
Need to negotiate TLS with legacy servers

Background:

Some older email servers still use TLS renegotiation methods that have been deprecated for many years. Current MailMarshal versions (10.0.7 and above) disallow these methods by default.

Procedure:

To allow "unsafe legacy renegotiation":

In the MailMarshal 10.1 Management Console, navigate to Configuration > Advanced Settings.
Add the following setting as required:
- Sender.SSLContextOptions (Integer)
  - Value: 262148
Apply configuration, and then restart the MailMarshal Sender service on each processing server.

Upgrade from 10.0.7 to 10.1

Some customers applied a Sender hotfix to release 10.0.7 for "unsafe legacy renegotiation". These customers must still apply the Advanced Setting in 10.1.

To ensure continuity, customers can create the Advanced Setting in 10.0.7 before upgrading to 10.1. It is not necessary to restart the Sender. The Advanced Setting will take effect immediately on upgrade.

Notes:

The setting takes a generic integer value to allow for any future requirements. However, only values specifically provided by Trustwave are supported.

To contact Trustwave about this article or to request support: