 Strong crypto for imaps
So I was able to enable stronger SSLv3 only for the web interface via the server.xml.in file for tomcat
modifying the following for the "%%zimbraMailSSLPort%% Connector
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4 _128_SHA,SSL_DHE_RSA_W
ITH_3DES_EDE_CBC_SHA"
And I was able do the same for SMTP via adding the following to main.cf
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
What I was unable to find was how to enable the same for IMAPS. I thought it would be in the server.xml since I believe it is the same instance of tomcat, however I was not able to find the correct config. Anyone know where I can find this Connector settings?
Here are the results of my testing using a script to cycle through the available openssl ciphers on port 443 vs 993.
./CryptoScan.rb MYSERVER.MYDOM.TLD:443
Results:
Server: MYSERVER.MYDOM.TLD:443
RC4-SHA is supported.
RC4-MD5 is supported.
RC4-MD5 is supported.
./CryptoScan.rb MYSERVER.MYDOM.TLD:993
Results:
Server: MYSERVER.MYDOM.TLD:993
EDH-RSA-DES-CBC3-SHA is supported.
DES-CBC3-SHA is supported.
DHE-RSA-AES128-SHA is supported.
AES128-SHA is supported.
RC4-SHA is supported.
RC4-MD5 is supported.
RC4-MD5 is supported.
EDH-RSA-DES-CBC-SHA is supported.
DES-CBC-SHA is supported.
EXP-EDH-RSA-DES-CBC-SHA is supported.
EXP-DES-CBC-SHA is supported.
EXP-RC4-MD5 is supported.
EXP-RC4-MD5 is supported.  | 
Bugzilla
Wiki
Source
Linear Mode
