А какой сейчас набор шифров для TLS? И можно ли как-то их настроить для исходящих соединений?

С Cisco ESA 11.0.0 он смог договориться на TLSv1.0,DHE_AES256_SHA только после установки галки "CBC Ciphers for old TLS". Без неё ломился с SSLv3 и каким-то старым шифром, которого та не понимает и его не показывает в All Info.

-----Original Message-----
From: CommuniGate Pro Russian Discussions [mailto:CGatePro@ru.stalker.com]
Sent: Friday, August 25, 2017 6:11 PM
To: CommuniGate Pro Russian Discussions <CGatePro@ru.stalker.com>
Subject: Re: [CGP] CommuniGate Pro 6.1.17 is released

Здравствуйте.

Настоятельно рекомендуется обновление до этой версии, особенно если используется интерфейс Pronto HTML.

On 2017-08-25 18:00, support wrote:

Minor/Bug fix Release

The CommuniGate Pro 6.1.17 has been released:

== Valid Core License Keys: issued after the 1st of Feb, 2014 ==

This version is higly recommended for deployment as it includes protection from possible attacks to WebUser (regular and Pronto) sessions.

[]

History:
6.1.17 25-Aug-2017


* Pronto: Pronto! HTML Version 6.1.17 is included.
* MAPI: the MAPI Connector version 1.54.12.18 is included.
* WEBSKIN: extra protection from WebUser session stealing and cross-site scripting.
* WEBUSER: extra protection from WebUser session stealing and cross-site scripting.
* CALENDAR: updates to recurring items are processed even if original item is missing.
* TLS 1.2 compatibility with other implementations has been improved.
* SMTP: attacker IP is blacklisted also when errors are made in separate sessions.
* AIRSYNC: added workaround for task updates that miss task start time.
* Bug Fix: SMTP: some locally generated messages might be considered as relayed and blocked with restricted relaying settings.
* Bug Fix: HTTP: some requests with chunked encoding proxied to cluster backends might be processed incorrectly.
* Bug Fix: TLS: the server might crash on TLS handshake with incorrect elliptic curves parameters.