Phone Lines icon GFI Support

Articles in this section

See more

Disabling TLS 1.0 on Kerio Control Box

Author: Luis Fernandes Updated

Overview

Administrators may fail PCI compliance scans because the TLS 1.0 protocol is still enabled on the Kerio VPN port 4090. This version of TLS is affected by multiple cryptographic flaws. This article covers the steps to properly disable TLS 1.0.

 

Back to top

 

Process

  1. Establish an SSH connection to the Kerio Control box.
  2. Enter cd /var/winroute to change to the directory /var/winroute/ to modify the file winroute.cfg

    5.png

  3. Enter vi winroute.cfg
  4. Scroll and look for a variable like this:

    6.png

    7.png

  5. Add TLSv1 to the DisabledProtocols line.
  6. You might find several entries with <table name="SSL'>, edit all the entries.

 

Back to top

 

Confirmation

Once all the changes have been completed and saved, restart the Control box and reattempt the scan.

 

Back to top