Initial situation:

The SEPPmail Secure E-Mail Gateway was subjected to a security check (pen test). Here, it was found that the web interface (GINA) is vulnerable to, among others, RC4 attacks or an obsolete TLS version is used.

 

Cause 1:

In most cases, these notifications are caused by the fact the TLS tunnel is not terminated at the SEPPmail Secure E-Mail Gateway but at an upstream component (firewall).

 

Individual remedy:

Removing the safety gaps on the upstream system.

 

Cause 2:

If security gaps also occur when directly terminating the TLS tunnel at the SEPPmail Secure E-Mail Gateway, the corresponding settings for maximum compatibility are used.

 

Individual remedy:

Setting the checkmark under GINA Domains Settings Disallow insecure ciphers. This resolves the vulnerability to RC4 attacks on the SEPPmail Secure E-Mail Gateway but leads to incompatibilities with older systems.