Strong crypto for imaps

[skout23]

So I was able to enable stronger SSLv3 only for the web interface via the server.xml.in file for tomcat

modifying the following for the "%%zimbraMailSSLPort%% Connector
sslProtocol="SSLv3"
ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4 _128_SHA,SSL_DHE_RSA_W
ITH_3DES_EDE_CBC_SHA"


And I was able do the same for SMTP via adding the following to main.cf
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high


What I was unable to find was how to enable the same for IMAPS. I thought it would be in the server.xml since I believe it is the same instance of tomcat, however I was not able to find the correct config. Anyone know where I can find this Connector settings?

Here are the results of my testing using a script to cycle through the available openssl ciphers on port 443 vs 993.

./CryptoScan.rb MYSERVER.MYDOM.TLD:443

Results:
Server: MYSERVER.MYDOM.TLD:443
RC4-SHA is supported.
RC4-MD5 is supported.
RC4-MD5 is supported.


./CryptoScan.rb MYSERVER.MYDOM.TLD:993

Results:
Server: MYSERVER.MYDOM.TLD:993
EDH-RSA-DES-CBC3-SHA is supported.
DES-CBC3-SHA is supported.
DHE-RSA-AES128-SHA is supported.
AES128-SHA is supported.
RC4-SHA is supported.
RC4-MD5 is supported.
RC4-MD5 is supported.
EDH-RSA-DES-CBC-SHA is supported.
DES-CBC-SHA is supported.
EXP-EDH-RSA-DES-CBC-SHA is supported.
EXP-DES-CBC-SHA is supported.
EXP-RC4-MD5 is supported.
EXP-RC4-MD5 is supported.