The Mail Transfer Agent can be configured to use cryptography when exchanging email with a remote MTA. The security layer that the Protector uses in this process can be configured as well, to ensure that the mail transfer is only performed using strong algorithms.
The configuration is done in E-Mail > Setup, in the SSL/TLS tab.
On this page, first enable the use of an encrypted transmission protocol by enabling the SSL/TLS option. This is only possible if a certificate is available. You may upload a certificate issued by a CA or create a self-signed certificate; both can be done on this page. Once the SSL/TLS option is enabled, the security layers can be customized.
By default, the security layers known to be vulnerable to attacks are disabled. They can be enabled if, for any reason, you need to use them.
You can choose different security layers for the different roles that the MTA plays in the email transmission: Server (when the MTA is contacted by a remote MTA for incoming mail) or Client (when the MTA connects to a remote MTA to send email).
The Client side of the MTA may have to be configured with weaker security layers than the Server side. This occurs when the remote agent that the Protector connects to does not support the newest versions of TLS.
TLSv1 is enabled for backward compatibility, but disabling it is recommended.
Cipher Suites are part of the SSL or TLS security layers. They are sets of algorithms that encrypt the packets transmitted through the network connection. Each layer supports more than one Cipher Suite. Some Cipher Suites are known to be weak even within a strong security layer, and for this reason it is possible to exclude them from the set of used ciphers.
The Protector uses all the ciphers supported in each Security Layer, with the exception of those explicitly disabled. On this page, the weakest Cipher Suites are already disabled by default. Cipher Suites without known vulnerabilities cannot be disabled and do not appear in the list.
A disabled Cipher Suite will not be used in any Security Layer, on either the Client or the Server side.
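The model described above (a separate protocol floor per role, one cipher exclusion list shared by both roles) can be reproduced with Python's ssl module to see which suites an exclusion list actually removes. This is an added example, not Protector code or its configuration format; the role floors, the DISABLED list and all function names are assumptions chosen for illustration.

```python
import ssl

# Constructed sample exclusion list in OpenSSL cipher-string keywords.
# Assumption for illustration; not the Protector's own default list.
DISABLED = ["RC4", "3DES", "MD5", "aNULL", "eNULL"]


def cipher_string(disabled):
    """All suites the TLS library supports, minus the explicitly disabled ones."""
    return ":".join(["ALL"] + ["!" + name for name in disabled])


def build_context(role, min_version, disabled):
    """Build an SSLContext for one MTA role: 'client' (sending) or 'server' (receiving)."""
    protocol = ssl.PROTOCOL_TLS_CLIENT if role == "client" else ssl.PROTOCOL_TLS_SERVER
    ctx = ssl.SSLContext(protocol)
    ctx.minimum_version = min_version         # security layer floor, set per role
    # set_ciphers only governs TLS 1.2 and older; TLS 1.3 suites stay enabled.
    ctx.set_ciphers(cipher_string(disabled))  # same exclusions for every role
    return ctx


def cipher_names(ctx):
    """Names of the suites the context would offer or accept."""
    return {c["name"] for c in ctx.get_ciphers()}


def build_mta_contexts(disabled=DISABLED):
    """Client floor is lower than the server floor, for older remote MTAs (assumed values)."""
    client = build_context("client", ssl.TLSVersion.TLSv1_2, disabled)
    server = build_context("server", ssl.TLSVersion.TLSv1_3, disabled)
    return client, server


def removed_by_policy(disabled=DISABLED):
    """Suites that the exclusion list takes away from the library's full set."""
    baseline = build_context("client", ssl.TLSVersion.TLSv1_2, [])
    hardened = build_context("client", ssl.TLSVersion.TLSv1_2, disabled)
    return cipher_names(baseline) - cipher_names(hardened)


if __name__ == "__main__":
    client, server = build_mta_contexts()
    print("client floor:", client.minimum_version.name)
    print("server floor:", server.minimum_version.name)
    print("suites removed by the exclusion list:")
    for name in sorted(removed_by_policy()):
        print("  ", name)
```

The list of removed suites depends on the OpenSSL build Python is linked against, so run it on the host whose TLS stack you are reviewing.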