A-grade SSL Listeners

Advanced Configuration of Axigen

Documentation
Advanced Configuration of Axigen
A-grade SSL Listeners

Introduction

The team at Qualys (https://www.qualys.com/) have developed a very complex SSL Tester (https://www.ssllabs.com/) that enable administrators to asses and properly configure their SSL listeners.

On the other hand, the team at Mozilla published a detailed article (https://wiki.mozilla.org/Security/Server_Side_TLS) on SSL cipher suits and their compatibility with the plethora of Web browsers available on the Internet.

Mandatory requirement: run the latest version of the Axigen server.

Axigen Recommended SSL Cipher Suite List

Recommended SSL Cipher Suite to be configured in SSL Listeners tab:

SSL Listeners Recommended Configurations

Allowed SSL Versions:

TLS1.2, and TLS1.3

Use Cipher suite:

!AECDH:!ADH:!aNULL:!eNULL:!RC4:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!EDH:!EXPORT

Prefer server's cipher suite order:

Checked

Use Ephemeral Key:

Checked

SSLLabs Result


Axigen is a premium, scalable, all-in-one Windows & Linux mail server software. A free mail server version is available for personal and lab use, along with the business mail server and the MSP mail server, for Managed Service Providers, which also include features like personal organizer, groupware, AntiVirus, AntiSpam, or advanced security policies. The carrier-class ISP mail server solution completes the Axigen offering and comes with clustering support, delegated administration, extensive APIs, as well as a cloud-native, Kubernetes based deployment option.

Axigen uses cookies. By using our services, you’re agreeing to our Cookie Policy. GOT IT