This article applies to:
Question:
Response:
SEG allows you to select a preferred level of encryption for TLS connections.
You can set the minimum cipher strength to LOW, MEDIUM or HIGH as per business requirements.
- High strength includes only the newest and most secure cipher suites, usually with 256-bit encryption
- Medium strength also includes many cipher suites with 128-bit encryption, and excludes older and less secure cipher suites
- Insecure Compatibility strength (known as Low strength in versions below 8.0) includes older and less secure cipher suites
Note that this is a minimum setting (the stronger ciphers will always be available and attempted first).
To set this option, see the TLS properties:
- Outbound Security (TLS), in SEG Properties (Trustwave SEG Properties, Sender Properties section)
- Inbound Security (TLS), in the properties of each processing node (Mail Servers > [select a server] > Server Properties)
SEG also allows you to specify the protocol (SSL or TLS version) required for the connection. Refer to:
- Article Q19541: Specify the protocol to use with TLS
Recommendations:
Trustwave recommends you evaluate these options based on organizational requirements.
However, a minimum of Medium strength combined with a high protocol version level is recommended to ensure security. Lower strength ciphers are no longer considered to be secure.
- The "low" option has been renamed "Insecure Compatibility" to reflect that these ciphers should not be used unless absolutely required.
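One way to check the result of these settings from the client side, as an added example that is not part of the original article or Trustwave's tooling: it classifies the cipher a STARTTLS session negotiated against an approximation of the tiers above. The bit thresholds, the legacy-name markers, and the names `tier_for`, `meets_minimum` and `probe` are assumptions; SEG's exact cipher lists per tier are not given in this article.

```python
import smtplib
import ssl

# Assumed approximation of the tiers described above (bit size plus a few
# legacy algorithm names); SEG's exact cipher lists are not in this article.
TIERS = ["INSECURE_COMPATIBILITY", "MEDIUM", "HIGH"]
LEGACY_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")


def tier_for(name, bits):
    """Classify a negotiated cipher by OpenSSL name and secret-key size."""
    if bits < 128 or any(m in name.upper() for m in LEGACY_MARKERS):
        return "INSECURE_COMPATIBILITY"
    return "HIGH" if bits >= 256 else "MEDIUM"


def meets_minimum(negotiated, minimum):
    """negotiated is the (name, protocol, bits) tuple from SSLSocket.cipher()."""
    name, _protocol, bits = negotiated
    return TIERS.index(tier_for(name, bits)) >= TIERS.index(minimum)


def probe(host, port=25, timeout=10):
    """STARTTLS to a gateway you operate; return (name, protocol, bits).

    Uses default certificate verification, so an untrusted or mismatched
    certificate raises ssl.SSLError instead of returning a result.
    """
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.cipher()


# Constructed sample results, so the classification runs without a network.
SAMPLES = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
    ("RC4-SHA", "TLSv1", 128),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], tier_for(sample[0], sample[2]),
              "meets MEDIUM:", meets_minimum(sample, "MEDIUM"))
```

A negotiated result shows the strongest cipher both ends share; it does not by itself show which weaker ciphers the server would still accept.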
Notes:
Using the latest released version of MailMarshal is always recommended to provide the best security.