In ZCS 5.0.5, the list of default SSL ciphers allowed by ZCS mailbox server and proxy server were changed to not allow weak ciphers. This change was done in bug 21204 at the behest of installations that use security scanners that raise an alarm when weak cipher suites are in use. However, some IMAP and POP clients (such as Versamail/Treo) can only work with weak cipher suites.
Administrators who have users using such mail clients are advised to restore
their SSL cipher suites to the old default:
zmprov mcf zimbraReverseProxySSLCiphers
'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
zmproxyctl stop
zmproxyctl start
We're going to document this in the ZCS 507 Release Notes. Please see
Bug 29065 – Palm IMAP over SSL fails after ZCS 505 upgrade for details.