Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: Bad Record Mac/SSL Errors after upgrading to ZCS 8.0.3

  1. #11
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    @phoenix: Raragon is talking about the OpenSSL issue, not the java issue. Java issue was vavai.

    raragon: OpenSSL: Documents, ciphers(1) for getting a list of ciphers
    Postfix TLS Support has documentation on how to set the cipher suites used by postfix.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  2. #12
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by quanah View Post
    @phoenix: Raragon is talking about the OpenSSL issue, not the java issue.
    Ah, sorry about that.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #13
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    @quanah. I found how to restrict cipher, but do you know which are the ciphers that are involved in the bug?

  4. #14
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    Quote Originally Posted by raragon View Post
    @quanah. I found how to restrict cipher, but do you know which are the ciphers that are involved in the bug?
    It is clearly listed in the log file you posted...

    Code:
    Apr 28 06:53:30 zmail postfix/smtpd[527]: Anonymous TLS connection established from unknown[192.168.1.7]: TLSv1 with cipher AES256-SHA (256/256 bits)
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  5. #15
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    I know AES256-SHA is one of involved in the bug, but after denying this I found AES128-SHA also show the same problem. I can goes on trying and denying for every one if there isn't a list of problematics ciphers, but if the list exits it will be faster to deny all the ciphers involved.
    So, my question is, do you know ALL ciphers involved in this bug?

    Thanks.
    Last edited by raragon; 05-15-2013 at 09:47 AM.

  6. #16
    quanah is online now Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,262
    Rep Power
    10

    Default

    No, I do not.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  7. #17
    raragon is offline Active Member
    Join Date
    Oct 2009
    Location
    Valencia, Spain
    Posts
    27
    Rep Power
    5

    Default

    I solved the problem adding this line to main.cf (postfix/conf) file.

    smtpd_tls_exclude_ciphers = AES256-SHA, AES128-SHA

    This way TLS connections are using another cipher and they work right. Anyway I keep an eye on my logs.

    Thanks.

  8. #18
    daftu is offline Member
    Join Date
    Mar 2012
    Location
    Poland
    Posts
    12
    Rep Power
    3

    Default

    Quote Originally Posted by raragon View Post
    I solved the problem adding this line to main.cf (postfix/conf) file.

    smtpd_tls_exclude_ciphers = AES256-SHA, AES128-SHA

    This way TLS connections are using another cipher and they work right. Anyway I keep an eye on my logs.

    Thanks.
    Doesn't work for me.
    Few emails from queue was sent but after few minutes problem returns with another algoritms.
    Now my settings are:
    Code:
    smtpd_tls_exclude_ciphers = AES256-SHA, AES128-SHA, DHE-RSA-AES128-SHA, DHE-RSA-AES256-SHA
    Seems to be working.

  9. #19
    yogg is offline Intermediate Member
    Join Date
    Dec 2009
    Posts
    24
    Rep Power
    5

    Default

    Sorry to bring it up again, but is it fixed in 8.0.4?
    Can't find anything about this in the release notes.

  10. #20
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,480
    Rep Power
    56

    Default

    Quote Originally Posted by yogg View Post
    Sorry to bring it up again, but is it fixed in 8.0.4?
    The answer is in post #3 and I guess you'll also find the bug report in bugzilla or the Product Portal confirming it's inclusion

    Quote Originally Posted by yogg View Post
    Can't find anything about this in the release notes.
    Not everything is listed in the release notes, you can (and should) always check bugzilla & the Product Portal.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Errors in mysql_error.log after upgrading to Zimbra 8.0.0 GA
    By nitrogenetics in forum Administrators
    Replies: 8
    Last Post: 11-17-2012, 02:49 PM
  2. [SOLVED] Errors upgrading to 5.0.8NE
    By blazeking in forum Installation
    Replies: 5
    Last Post: 07-22-2008, 12:13 AM
  3. Replies: 5
    Last Post: 02-08-2008, 09:50 AM
  4. Integrity Report Errors when upgrading
    By gfdos.sys in forum Installation
    Replies: 1
    Last Post: 01-24-2008, 01:55 PM
  5. Upgrading to 3.1.3 errors sumary
    By kowell in forum Administrators
    Replies: 8
    Last Post: 06-25-2006, 12:11 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •