Release Date: 24 May, 2018
Resolved Issues (6.4.4)
- The default length of Diffie-Hellman parameters offered by the built in Mail
Transfer Agents (MTAs) and web portals is now 2048 bits. This addresses
CVE-2015-4000 (PMX-196).
- Support for TLSv1.0 has been removed to comply with PCI standards. TLSv1.1 and
TLSv1.2 are supported (PMX-616).
- In new installations, for web portals and built-in MTAs, cipher chosen during
TLS handshake depends on server cipher order configured (PMX-614).
- In new PMX installations, the certificates used by web portals are now of 2048
key size (PMX-181).
- The default policy.siv file now utilizes the
pmx_cantscan test to determine if any errors were
found during the pmx_suspect_attachment test, for example
SOPHOS_SAVI_FILE_ENCRYPTED (PMX-812).
- An issue was resolved where delay.log was filling up with
error messages (PMX-806).
-
Improvements have been made to the behaviour of the
pmx-force-ssl-mode command (PMX-182).
-
Documentation was updated (PMX-796, PMX-441, PMX-192, PMX-440).