Quick tip: Controlling SEGv2 cipher suites and scoring an A+ at SSL Labs

18 August 2021, Jesper Alberts

So you thought you and your security team would finally be best friends, as you’ve just deployed VMware’s Secure Email Gateway (SEGv2) to make Exchange ActiveSync a safer place.
Only to find out that same security team ran an SSL Labs test which came back with a B. There goes your friendship!

The issue you’re most likely facing is either the use of weak(er) ciphers or the fact that Forward Secrecy is not supported, which caps you at a B.

As you can read in the official documentation, it’s possible to edit the “seg-jvm-args.conf” file, which is located in /opt/vmware/docker/seg/container/config/.
This would require you to enable SSH access or use the vSphere console, which can become cumbersome if you have multiple UAGs, especially when they are spread across several environments.

Luckily, that same page tells you how to do it from a central location, configuring all your SEGs at once.
It’s briefly covered in the “Configure Custom Gateway Settings” section, which states you can use a Key Value Pair (KVP) to configure the SEG appliances.

  1. From within the UEM console, go to Email and click Email Settings.
  2. On the configuration tab, click Advanced.
  3. Scroll down till you reach the Custom Gateway Settings section and click add row.
  4. Fill in the settings shown in Table 1 (don’t forget the hyphen, and edit the ciphers to your specific needs).
  5. Click save.
| Key | Type | Value |
|---|---|---|
| -Djdk.tls.disabledAlgorithms | String | MD5, RC4, TLSv1, SSLv2Hello, SSLv3, DSA, DESede, DES, 3DES, DES40_CBC, RC4_40, MD5withRSA, DH, 3DES_EDE_CBC, DHE, DH keySize < 1024, EC keySize < 224, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 |
Table 1. Custom Gateway Settings
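
An offline check of which cipher suites the Table 1 value leaves available, and whether all of them offer Forward Secrecy. This is an added example, not from the original post or from VMware: the name matching is a simplified approximation of the JDK's behaviour, and the alias map and candidate suite list are assumptions constructed for illustration, so a handshake test against the gateway remains the authoritative result.

```python
# Simplified model of jdk.tls.disabledAlgorithms name matching (an assumption,
# not the JDK's own code). DISABLED is the value from Table 1 of this post.
DISABLED = ("MD5, RC4, TLSv1, SSLv2Hello, SSLv3, DSA, DESede, DES, 3DES, "
            "DES40_CBC, RC4_40, MD5withRSA, DH, 3DES_EDE_CBC, DHE, "
            "DH keySize < 1024, EC keySize < 224, "
            "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, "
            "TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, "
            "TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384")
# Constructed candidate list of standard suite names, not read from a SEG.
CANDIDATES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
# Assumed minimal alias set: DHE also matches "DH", DSS also matches "DSA".
ALIASES = {"DHE": {"DH"}, "DSS": {"DSA"}}

def parse_disabled(value):
    """Split the KVP value; 'keySize' entries are key-size limits, not names."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return {e for e in entries if "keySize" not in e}

def components(suite):
    """Names a suite can match on: itself, key exchange, cipher, MAC/hash."""
    parts = {suite}
    if "_WITH_" not in suite:  # TLS 1.3 suite: no key exchange in the name
        return parts
    kx, rest = suite[len("TLS_"):].split("_WITH_")
    cipher, _, mac = rest.rpartition("_")
    parts |= {kx, cipher, cipher.split("_")[0], mac}
    for token in kx.split("_"):
        parts |= {token} | ALIASES.get(token, set())
    return parts

def forward_secret(suite):
    """TLS 1.3 suites and (EC)DHE key exchanges provide forward secrecy."""
    return "_WITH_" not in suite or suite.startswith(("TLS_ECDHE_", "TLS_DHE_"))

def audit(value, candidates):
    """Return (suites still enabled, enabled suites lacking forward secrecy)."""
    disabled = parse_disabled(value)
    enabled = [s for s in candidates if not components(s) & disabled]
    return enabled, [s for s in enabled if not forward_secret(s)]

if __name__ == "__main__":
    enabled, no_fs = audit(DISABLED, CANDIDATES)
    print("enabled:", enabled, "| without forward secrecy:", no_fs)
```

Replace CANDIDATES with the suite list your own scan reports to check it against the same value before saving the setting.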


Once saved, the settings should propagate almost instantly to your SEG instances. This means it’s time to rerun the SSL Labs test!

And there you go, friends once more!
