
Disabling TLS Versions on Kerio Control

Overview

Administrators may fail PCI compliance scans because a deprecated TLS protocol is still enabled on the Kerio VPN port 4090. Older versions of TLS could be affected by multiple cryptographic flaws. This article covers the steps to properly disable those TLS versions.

 

Solution

  1. Establish an SSH connection to the Kerio Control box.
  2. Execute the following line:
    /opt/kerio/winroute/tinydbclient "update SSL set DisabledProtocols='SSLv2,SSLv3,TLSv1,TLSv1_1'"
  3. Reboot Kerio Control using the command below, or by any other method:
    /etc/boxinit.d/60winroute restart

Testing

Once all the changes have been completed and saved, and Kerio Control has been restarted, rerun the PCI compliance scan.
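Before rerunning the scan, the change can be checked from a workstation by offering one TLS version at a time to the VPN port. The script below is an added example, not Kerio's own tooling; it assumes TCP port 4090 speaks TLS directly (as the scan finding implies), and the names `probe` and `audit` are illustrative.

```python
import socket
import ssl
import sys

# Versions Python's ssl module can pin; SSLv2/SSLv3 are not probed here.
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1_1": ssl.TLSVersion.TLSv1_1,
            "TLSv1_2": ssl.TLSVersion.TLSv1_2, "TLSv1_3": ssl.TLSVersion.TLSv1_3}
DEPRECATED = ("TLSv1", "TLSv1_1")  # the TLS entries in DisabledProtocols


def probe(host, port, name, timeout=5.0):
    """Offer exactly one TLS version and classify the listener's answer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # so the certificate is not validated
    try:
        # OpenSSL 3 refuses to offer TLS 1.0/1.1 above security level 0.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = ctx.maximum_version = VERSIONS[name]
    except (ValueError, ssl.SSLError):
        return "client-unsupported"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(sock) as tls:
            return "accepted" if tls.version() else "rejected"
    except ssl.SSLError as exc:
        if getattr(exc, "reason", None) == "NO_PROTOCOLS_AVAILABLE":
            return "client-unsupported"  # local OpenSSL cannot send this version
        return "rejected"
    except OSError:
        return "rejected"  # reset, close or timeout during the handshake
    finally:
        sock.close()


def audit(host, port=4090, timeout=5.0):
    """Return (ok, results); ok means old TLS is refused and modern TLS still works."""
    results = {name: probe(host, port, name, timeout) for name in VERSIONS}
    ok = (all(results[v] == "rejected" for v in DEPRECATED)
          and "accepted" in (results["TLSv1_2"], results["TLSv1_3"]))
    return ok, results


if __name__ == "__main__":
    ok, results = audit(sys.argv[1])  # argument: address of the Kerio Control box
    for name, outcome in results.items():
        print(f"{name:8} {outcome}")
    sys.exit(0 if ok else 1)
```

A `client-unsupported` result means the local OpenSSL build cannot offer that version, so it says nothing about the appliance; repeat the check from a client that can.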

 

  1. Priyanka Bhotika