Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page SSL certificate related vulnerability

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-04-2010, 03:37 AM
k_k k_k is offline
Active Member
  
Posts: 40
Default SSL certificate related vulnerability
Hi,

After doing vulnerability assessment, we found below SSL related vulnerability :

1. SSL medium and weak cipher suites supported.
2. SSL certiicate signed with weak hashing algorithm
(The SSL certificate is signed using MD5 algorithm. This algorithm is weak and is vlunerable to collision attacks. )
3. SSL / TLS renegotiation handshakes MiTM plaintext data injection


Is there any way to fix this on permenent base ??

Please help me in this regards,

KK
Reply With Quote
  #2 (permalink)  
Old 11-07-2010, 11:38 PM
k_k k_k is offline
Active Member
  
Posts: 40
Default
Guys...please suggest regarding this concern...
Reply With Quote
  #3 (permalink)  
Old 04-10-2011, 09:50 PM
k_k k_k is offline
Active Member
  
Posts: 40
Default
Can anyone please suggest what is the right way to fix these vulnerabilities ???
Reply With Quote
  #4 (permalink)  
Old 04-11-2011, 06:30 AM
Elite Member
  
Posts: 303
Default
Quote:
Originally Posted by k_k View Post
Can anyone please suggest what is the right way to fix these vulnerabilities ???
We got the same report from McAfee's scan. And, I found this wiki entry:

Cipher suites - Zimbra :: Wiki

Doug
__________________
Ben Franklin quote:

"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
Reply With Quote
Reply

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.