Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Administration
  3. Articles

Disabling TLS 1.0 on Kerio Control Box

Overview

Administrators may fail PCI compliance scans because the TLS 1.0 protocol is still enabled on the Kerio VPN port 4090. This version of TLS is affected by multiple cryptographic flaws. This article covers the steps to properly disable TLS 1.0.

 

Back to top

 

Process

  1. Establish an SSH connection to the Kerio Control box.
  2. Enter cd /var/winroute to change to the directory /var/winroute/ to modify the file winroute.cfg

    5.png

  3. Enter vi winroute.cfg
  4. Scroll and look for a variable like this:

    6.png

    7.png

  5. Add TLSv1 to the DisabledProtocols line.
  6. You might find several entries with <table name="SSL'>, edit all the entries.

 

Back to top

 

Confirmation

Once all the changes have been completed and saved, restart the Control box and reattempt the scan.

 

Back to top

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments