Results 1 to 3 of 3

Thread: SSL cipher suites

  1. #1
    Daniel.W is offline Starter Member
    Join Date
    Dec 2012
    Posts
    1
    Rep Power
    2

    Default SSL cipher suites

    Hi all,

    I use Zimbra 8.0.0 FOSS Edition on CentOS 6. After running a scan and testing the SSL configuration of my server, I decided to disable certain SSL cipher suites. These are the ones I disabled:
    SSL_DHE_DSS_WITH_DES_CBC_SHA
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_DHE_RSA_WITH_DES_CBC_SHA
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5
    SSL_RSA_WITH_3DES_EDE_CBC_SHA
    SSL_RSA_WITH_DES_CBC_SHA
    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    TLS_RSA_WITH_DES_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    Using this command:
    zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_WITH_DES_CBC_SHA

    My problem is, the last one (TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) does not get disabled.
    I can see that the command was picked up, because I find it in /opt/zimbra/jetty-distribution-7.6.2.z4/etc/jetty.xml.
    But when I run the SSL test again it still shows that TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is active. All other cipher suites are disabled as expected.

    Looking forward for your help.

    Best,
    Daniel

  2. #2
    bsc8180 is offline Starter Member
    Join Date
    Dec 2012
    Posts
    2
    Rep Power
    2

    Default

    I have exactly the same issue on foss 8.0.1 on Ubuntu 12.04.
    Any help would be useful.

  3. #3
    bsc8180 is offline Starter Member
    Join Date
    Dec 2012
    Posts
    2
    Rep Power
    2

    Default

    I have logged a bug report for this.

    https://bugzilla.zimbra.com/show_bug.cgi?id=78991

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. SSL Anonymous Cipher Suites Supported
    By PastorOfMuppets in forum Administrators
    Replies: 2
    Last Post: 06-10-2013, 09:14 AM
  2. Cipher Filtering for SMTP and SMTPS
    By aturner in forum Administrators
    Replies: 2
    Last Post: 08-08-2012, 09:51 AM
  3. [SOLVED] Fix Zimbra SSL weak cipher
    By shan in forum Administrators
    Replies: 5
    Last Post: 06-12-2010, 10:15 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •