This article applies to:
- MailMarshal 10.1 and above
- Advanced SSL options for Sender TLS
- Allowing "Unsafe Legacy Renegotiation" for TLS
Question:
- How do I allow "unsafe legacy renegotiation" for Sender TLS?
- Need to negotiate TLS with legacy servers
Background:
Some older email servers still use TLS renegotiation methods that have been deprecated for many years. Current MailMarshal versions (10.0.7 and above) disallow these methods by default.
Procedure:
To allow "unsafe legacy renegotiation":
- In the MailMarshal 10.1 Management Console, navigate to Configuration > Advanced Settings.
- Add the following setting as required:
  - Sender.SSLContextOptions (Integer)
- Apply configuration, and then restart the MailMarshal Sender service on each processing server.
Upgrade from 10.0.7 to later versions:
Some customers applied a Sender hotfix to release 10.0.7 for "unsafe legacy renegotiation". These customers must still apply the Advanced Setting to maintain the behavior in any later version.
- To ensure continuity, customers can create the Advanced Setting in 10.0.7 before upgrading. It is not necessary to restart the Sender. The Advanced Setting will take effect immediately on upgrade.
Notes:
The setting takes a generic integer value to allow for any future requirements. However, only values specifically provided by Trustwave are supported.