GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » How to disable the RC4 cipher?
How to disable the RC4 cipher? [message #119584] Sun, 22 February 2015 09:41 Go to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
There is a way to disable the RC4 cipher on Kerio Control, we use it as reverse proxy...

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119587 is a reply to message #119584] Sun, 22 February 2015 13:28 Go to previous messageGo to next message
PPG is currently offline  PPG
Messages: 184
Registered: February 2010
Could this be the solution you're searching for: http://forums.kerio.com/mv/msg/17525/70795/#msg_70795 ?

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119588 is a reply to message #119587] Sun, 22 February 2015 16:21 Go to previous messageGo to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
PPG wrote on Sun, 22 February 2015 08:28
Could this be the solution you're searching for: http://forums.kerio.com/mv/msg/17525/70795/#msg_70795 ?


That post has nothing to do with my question.

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119605 is a reply to message #119588] Mon, 23 February 2015 19:31 Go to previous messageGo to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
Anyone?

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119615 is a reply to message #119584] Tue, 24 February 2015 02:10 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
AFAIK RC4 was disabled a while ago:

./fa/3759/0/

http://www.kerio.com/kerio-control-release-history-older-rel eases
  • Attachment: rc4.png
    (Size: 22.29KB, Downloaded 877 times)


PTSD. BP. OCD. ASPD. BPD. Certified.

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119628 is a reply to message #119615] Tue, 24 February 2015 14:05 Go to previous messageGo to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
In ssllabs.com test I'm receiving grade B, and them justify with these two lines:

This server accepts the RC4 cipher, which is weak. Grade capped to B. MORE INFO »
The server does not support Forward Secrecy with the reference browsers. MORE INFO »

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119659 is a reply to message #119628] Wed, 25 February 2015 18:13 Go to previous messageGo to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
Any explanation about that??

[Updated on: Thu, 26 February 2015 17:09]

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119819 is a reply to message #119584] Fri, 06 March 2015 17:42 Go to previous messageGo to next message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
Any answer ???

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119886 is a reply to message #119819] Tue, 10 March 2015 00:43 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
Don't have an answer, let me find out and get back to you.

M. 20122

PTSD. BP. OCD. ASPD. BPD. Certified.

[Updated on: Tue, 10 March 2015 01:07]

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119938 is a reply to message #119886] Wed, 11 March 2015 23:18 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
Once again, with some great help and here's an update for you:

RC4-SHA was re-added to Kerio Control as a fallback cipher suite for software which doesn't support Diffie Hellman key exchange (Kx=DH). Now we do understand that there are vulnurabilities with RC4, we also need to consider that there are users with older software that requires the use of Kx=RSA.

The only safe choice these days are cipher suites which provide Perfect Forward Secrecy.

While there are plans to further improve the security on Kerio Control, at this stage you can disable RC4 by setting EnableKxRSA=0 in winroute.cfg, but be warned that lot of (mostly old) clients stop working, because they have no cipher suites capable of Kx=DH.

M.

PTSD. BP. OCD. ASPD. BPD. Certified.

[Updated on: Wed, 11 March 2015 23:19]

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119939 is a reply to message #119938] Wed, 11 March 2015 23:41 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
For modifying the Kerio Control configuration you can use SSH. To enable SSH access, go to Status and while holding the shift key, select the System Health. You should see a button to enable SSH. Your login is root, and the password is your web administration password. Once connected via SSH, you can issue the following commands.
~ # /opt/kerio/winroute/tinydbclient "update ssl set EnableKxRSA=0"
~ # /etc/boxinit.d/60winroute restart

Brian Carmichael
Instructional Content Architect

Report message to a moderator

Re: How to disable the RC4 cipher? [message #119996 is a reply to message #119939] Thu, 12 March 2015 18:55 Go to previous message
gabrielbraga is currently offline  gabrielbraga
Messages: 16
Registered: March 2014
Thank you both!!!

Report message to a moderator

Previous Topic: Login redirection for non-standard port
Next Topic: webpage not open
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Thu Jun 01 23:36:24 CEST 2023

Total time taken to generate the page: 0.06143 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software