Hmmm, I don't get the logic of 'turning off ssl2' to increase security, so
then a client that can only use ssl2 has to use plain text, which is definitely
not as secure as ssl2.... :-) But anyway, it's a bit academic as old clients
that require ssl2 probably hardly exist anymore.
This setting will help with your score... (restart surgemail after
Once we have the new builds stable then an upgrade and some more settings
will get you a higher rating. I suggest you wait until next week if you
don't have an immediate problem.
When I run:
on my SurgeMail server it gets an F grade.
It is running on a Windows server box and only SurgeMail uses port 443.
SurgeMail Version 6.5a-1, Built Sep 9 2013 12:52:22, Platform Windows
In particular, the test notes that:
* This server is not vulnerable to the Heartbleed attack. (Yay!)
* This server supports SSL 2, which is obsolete and insecure. Grade set
to F. (Boo!)
* The server supports only older protocols, but not the current best TLS
1.2. Grade capped to B. (Boo!)
Is there any way to harden SurgeMail to raise these ratings? A
Surgemail.ini setting or two? Or does it need a new build?