This article applies to:
- MailMarshal 10.1 and above
- Advanced SSL options for Sender TLS
- Allowing "Unsafe Legacy Renegotiation" for TLS
Question:
- How do I allow "unsafe legacy renegotiation" for Sender TLS?
- Need to negotiate TLS with legacy servers
Background:
Some older email servers still use TLS renegotiation methods that have been deprecated for many years. Current MailMarshal versions (10.0.7 and above) disallow these methods by default.
Procedure:
To allow "unsafe legacy renegotiation":
- In the MailMarshal 10.1 Management Console, navigate to Configuration > Advanced Settings.
- Add the following setting as required:
- Sender.SSLContextOptions (Integer)
- Apply configuration, and then restart the MailMarshal Sender service on each processing server.
Upgrade from 10.0.7 to 10.1
Some customers applied a Sender hotfix to release 10.0.7 for "unsafe legacy renegotiation". These customers must still apply the Advanced Setting in 10.1.
- To ensure continuity, customers can create the Advanced Setting in 10.0.7 before upgrading to 10.1. It is not necessary to restart the Sender. The Advanced Setting will take effect immediately on upgrade.
Notes:
The setting takes a generic integer value to allow for any future requirements. However, only values specifically provided by Trustwave are supported.