Zimbra & SSL ciphers hardening
When the SSL Server Test from https://www.ssllabs.com/ssltest/ is run against our 8.0.5 Zimbra installation, the Overall Rating returned is only a "C":
Protocol Support 90%
Key Exchange 40%
Cipher Strength 60%
The potential issues listed are: DoS Danger because Secure Client-Initiated Renegotiation is allowed, BEAST attack, forward secrecy, etc., and some ciphers considered weak are also allowed.
I just tried to improve this situation by following the instructions of Setting up Zimbra for strong ciphers only | Liberty Systems & Software :
before: zimbraReverseProxySSLCiphers: !SSLv2:!MD5:HIGH
after: zimbraReverseProxySSLCiphers: ADH:!eNULL:!aNULL:!DHE-RSA-AES256-SHA:!SSLv2:!MD5:RC4:HIGH
but it changed nothing (after a complete restart). What else would you suggest doing?
Thanks & regards !
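
Added example, not part of the original post: a small evaluator for OpenSSL-style cipher strings, showing which suites the "before" and "after" values of zimbraReverseProxySSLCiphers admit and in what order. The catalogue and its tags are a constructed, simplified assumption; the list a real server offers depends on its OpenSSL build.

```python
# Constructed mini-catalogue: OpenSSL suite names with simplified tags (assumption).
CATALOGUE = [
    ("ECDHE-RSA-AES256-SHA", {"HIGH"}),
    ("DHE-RSA-AES256-SHA", {"HIGH"}),
    ("AES256-SHA", {"HIGH"}),
    ("AES128-SHA", {"HIGH"}),
    ("ADH-AES256-SHA", {"HIGH", "ADH", "aNULL"}),
    ("RC4-SHA", {"MEDIUM", "RC4"}),
    ("RC4-MD5", {"MEDIUM", "RC4", "MD5"}),
    ("DES-CBC3-MD5", {"HIGH", "SSLv2", "MD5"}),
    ("NULL-SHA", {"eNULL"}),
]

def expand(cipher_string):
    """Evaluate ':'-separated tokens left to right, following OpenSSL's rules."""
    enabled, killed = [], set()
    for token in cipher_string.split(":"):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        key = token[len(op):]
        matches = [n for n, tags in CATALOGUE if key == n or key in tags]
        if op == "!":    # permanent delete: later tokens cannot re-add these
            killed.update(matches)
            enabled = [n for n in enabled if n not in matches]
        elif op == "-":  # remove, but a later token may add them back
            enabled = [n for n in enabled if n not in matches]
        elif op == "+":  # move already-enabled matches to the end of the list
            moved = [n for n in enabled if n in matches]
            enabled = [n for n in enabled if n not in matches] + moved
        else:            # plain token: append matches not present and not killed
            enabled += [n for n in matches
                        if n not in enabled and n not in killed]
    return enabled

# The two values quoted in the post.
BEFORE = "!SSLv2:!MD5:HIGH"
AFTER = "ADH:!eNULL:!aNULL:!DHE-RSA-AES256-SHA:!SSLv2:!MD5:RC4:HIGH"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(label, expand(value))
```

On a real host, `openssl ciphers -v '<string>'` gives the same kind of expansion against the installed OpenSSL.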