Our security scanner reported Zimbra severs support weak SSL cipher. I was trying to fix it by
adding additional cipher suites to zimbraSSLExcludeCipherSuites attribute.
It looks like this:
zmprov mcf zimbraSSLExcludeCipherSuites "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA S
SL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_WI
TH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_DES_CBC_SHA DES-CBC3-MD5 RC2-CBC-MD5 RC4-MD5 DES-CBC-MD5 EXP-ADH-
DES-CBC-SHA EXP-ADH-RC4-MD5 EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP
-DES-CBC-SHA EXP-RC2-CBC-MD5 EXP-RC4-MD5 EXP-RC2-CBC-MD5 EXP-RC4-MD5"
(all in one line).
I also tried use "SSLv2 LOW EXP" cipher names, but none of these seem taken effect, except the default ones that come with the Zimbra global configuration. I indeed flushed cache, and even restarted server.
What exactly the format I should use for the cipher names?