PizzaTime1991 Hello where are encrypted connections used in a typical grommunio setup and how to disable them without troubles at updates. For a very special setup we have to configure a grommunio installation without any encryption. thanks for help.
WalterH Which services you want without encryption? Most services works without encryption out of the box. Three examples: Admin Admin-Web-UI port 8080, IMAP port 143, SMTP port 25.
PizzaTime1991 WalterH the encryption has to be disabled on the whole installation. Every service has to be reachable only with unencrypted connections. Is there a way to disable the encrypted services without problems when updating or with the apps? The /web /chat, etc pages are avaliable with https:// only.
mwilliams PizzaTime1991 If you want to run with TLS offloading, there are options available, however the answer to such a solution is beyond a community request - and even in such cases - TLS-to-TLS-termination is more than common nowadays, since transporting credentials and data unencrypted over the wire is always a bad idea. no matter if "external" or "internal".
mwilliams This is something that won't happen from grommunio, since there is no possibility to run e.g. outlook without encryption and also any other (modern) solution mandates encryption (e.g. Exchange).
jengelh Stashed away in the MAPI profile internal data, one finds a PR_PROFILE_CONNECT_FLAGS property; the 0x2 bit (CONNECT_NO_RPC_ENCRYPTION) is always forcibly unset whenever a store logon is attempted, so that's the situation under Windows.
PizzaTime1991 @mwilliams the outlook or mapi connection isn't necessary. Its enough to connect to the webapp. We have to run the grommunio installation, in a research setup, where no critical or personal data is availiable. the use of encryption technologies is in this sector prohibited. So we have to disable all encryption and no ssl offloading.
WalterH PizzaTime1991 modify the nginx configuration to allow connecting to port 80 and disable the redirection to https. A more aggressive solution is: remove all certificates and again modify the nginx configuration so nginx do not requires a certificate.