GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » TLS 1.3? (any known problems?)
help-browser.png  TLS 1.3? [message #149524] Tue, 23 March 2021 16:53 Go to next message
martin.kaufmann is currently offline  martin.kaufmann
Messages: 101
Registered: August 2018
Location: Germany
Hi all,

since Kerio Connect 9.3 supports TLS 1.3, we now want to deactivate TLS 1.0 and TLS 1.1.
Are there any known side effects when doing that?

We have about 400 users using:
activesync
Outlook Mac/EWS
Outlook Windows/KOFF
webaccess with various browsers.

What do we have to expect? Twisted Evil

Regards,
Martin


Kerio Connect 9.3.1 p1
CentOS 7
(until May ´22)

[Updated on: Tue, 23 March 2021 16:53]

Report message to a moderator

Re: TLS 1.3? [message #149823 is a reply to message #149524] Fri, 28 May 2021 08:45 Go to previous messageGo to next message
martin.kaufmann is currently offline  martin.kaufmann
Messages: 101
Registered: August 2018
Location: Germany
Update:
we deactiveted TLS 1.0 and 1.1 yesterday.

Surprisingly, everything seems to work: activesync, EWS, KOFF, webaccess, mobile phones.

Webaccess reacts with TLS 1.3 as it should.

Qualys shows an "A" rating for the security - and that makes me happy Smile

Regards,
Martin


Kerio Connect 9.3.1 p1
CentOS 7
(until May ´22)
Re: TLS 1.3? [message #149833 is a reply to message #149823] Tue, 01 June 2021 12:15 Go to previous messageGo to next message
zebby is currently offline  zebby
Messages: 154
Registered: March 2009
I can't find any documentation for this. Is it just an edit of mailserver.cfg?

EDIT: Found the documentation, if anyone else looking for this it is here:
https:// support.kerioconnect.gfi.com/hc/en-us/articles/360015191320- Configuring-SSL-TLS-Variables-in-Kerio-Connect

[Updated on: Wed, 02 June 2021 01:29]

Report message to a moderator

Re: TLS 1.3? [message #149840 is a reply to message #149823] Thu, 03 June 2021 08:33 Go to previous messageGo to next message
boisbleu is currently offline  boisbleu
Messages: 61
Registered: May 2015
@martin.kaufmann

which settings do you use?

<variable name="ClientTlsProtocols">TLSv1.3</variable>
<variable name="ServerTlsProtocols">TLSv1.3</variable>

???

@zebby

https://support.kerioconnect.gfi.com/hc/en-us/articles/36001 5191320-Configuring-SSL-and-TLS-Variables-in-Kerio-Connect

martin.kaufmann wrote on Fri, 28 May 2021 08:45
Update:
we deactiveted TLS 1.0 and 1.1 yesterday.

Surprisingly, everything seems to work: activesync, EWS, KOFF, webaccess, mobile phones.

Webaccess reacts with TLS 1.3 as it should.

Qualys shows an "A" rating for the security - and that makes me happy Smile

Regards,
Martin
Re: TLS 1.3? [message #149850 is a reply to message #149840] Tue, 08 June 2021 11:31 Go to previous messageGo to next message
martin.kaufmann is currently offline  martin.kaufmann
Messages: 101
Registered: August 2018
Location: Germany
No, we are just using
<variable name="ServerTlsProtocols">TLSv1.2</variable>

I think that means "1.2 at least".

Regards,
Martin


Kerio Connect 9.3.1 p1
CentOS 7
(until May ´22)
Re: TLS 1.3? [message #151394 is a reply to message #149850] Wed, 06 April 2022 16:53 Go to previous messageGo to next message
ZZZKOT is currently offline  ZZZKOT
Messages: 27
Registered: September 2019
martin.kaufmann wrote on Tue, 08 June 2021 11:31
No, we are just using
<variable name="ServerTlsProtocols">TLSv1.2</variable>

I think that means "1.2 at least".

Regards,
Martin
Hello, Martin!

Could you tell me if there were any problems from the moment TLS 1.0 and 1.1 was disabled in Kerio Connect config until today?

Thank you!
Re: TLS 1.3? [message #151400 is a reply to message #151394] Thu, 07 April 2022 10:59 Go to previous messageGo to next message
martin.kaufmann is currently offline  martin.kaufmann
Messages: 101
Registered: August 2018
Location: Germany
As I mentioned in may last year, we did not encounter any issues with TLS 1.3 so far.
*knock on wood* Smile


Kerio Connect 9.3.1 p1
CentOS 7
(until May ´22)
Re: TLS 1.3? [message #151402 is a reply to message #149524] Thu, 07 April 2022 15:39 Go to previous message
Backspin is currently offline  Backspin
Messages: 125
Registered: June 2008
Location: Amsterdam, the Netherland...
For people reading this thread, it's probably good to know that from Kerio Connect 9.4 upwards, the TLS options can be found in the Kerio admin gui: Configuration->Security->TLS options.
So editing of config files is not needed anymore.


Previous Topic: Office 2021?
Next Topic: Windows Server 2022
Goto Forum:
  


Current Time: Thu Dec 08 12:51:10 CET 2022

Total time taken to generate the page: 0.03139 seconds