[SOLVED] Zimbra SSL Labs F Grade

gsilva
Posts: 17
Joined: Tue Apr 10, 2018 3:55 pm

Post by gsilva » Mon Apr 16, 2018 4:02 pm

I ran the test at https://www.ssllabs.com/ssltest/ and my grade was F.

Look at this message:

Zimbra - this server is vulnerable to the openssl padding oracle vulnerability (cve-2016-2107) and insecure.

How can I fix this?


phoenix
Ambassador
Posts: 25591
Joined: Fri Sep 12, 2014 9:56 pm

Re: Zimbra SSL Labs F Grade

Post by phoenix » Mon Apr 16, 2018 4:50 pm

You should always give the full output of the following command:

Code:

zmcontrol -v


If you're not on the current version then I'd suggest you upgrade.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
gsilva
Posts: 17
Joined: Tue Apr 10, 2018 3:55 pm

Re: Zimbra SSL Labs F Grade

Post by gsilva » Tue Apr 17, 2018 10:20 am

Thanks, my friend. I fixed that problem with this:

Fix OpenSSL padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Edit /opt/zimbra/.bash_profile - add the following to the end of user zimbra's .bash_profile (requires root privs):
# workaround CVE-2016-2107
export OPENSSL_ia32cap="~0x200000200000000"

Edit sudoers - add the following line to your sudoers (/etc/sudoers or whatever is appropriate for your platform):
Defaults env_keep += "OPENSSL_ia32cap"

Configure postfix - instructs postfix to honor the desired environment variable:
$ zmlocalconfig -e postfix_import_environment='OPENSSL_ia32cap'

But now I need to resolve another issue:
This server supports anonymous (insecure) suites (see below for details). Grade set to F.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
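
A check for the three workaround steps in the post above, as an added example that is not part of the thread or of Zimbra's tooling. The function names and the choice to pass file paths as arguments are assumptions of this example; bit 57 is where OpenSSL's capability vector holds the AES-NI flag that the `~` mask clears.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three workaround steps.

# Succeeds if VALUE has the "~0x<hex>" form and clears bit 57, where OpenSSL
# keeps the AES-NI flag (CPUID.1:ECX bit 25) in its capability vector.
masks_aesni() {
    case "$1" in
        "~0x"*) hex=${1#"~0x"} ;;
        *) return 1 ;;               # no "~": bits are set, not cleared
    esac
    case "$hex" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#hex}" -le 15 ] || return 1 # stay inside signed 64-bit arithmetic
    [ $(( (0x$hex >> 57) & 1 )) -eq 1 ]
}

# Print the last OPENSSL_ia32cap value exported in a profile file.
profile_value() {
    sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}OPENSSL_ia32cap=//p' "$1" |
        tail -n 1 | tr -d "\"'"
}

# Succeeds if a sudoers file keeps the variable across sudo.
sudoers_keeps() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+env_keep[[:space:]]*\+?=.*OPENSSL_ia32cap' "$1"
}

# audit_workaround PROFILE SUDOERS POSTFIX_IMPORT_VALUE
# The third argument is the current value of postfix_import_environment.
audit_workaround() {
    rc=0
    val=$(profile_value "$1")
    masks_aesni "$val" ||
        { echo "profile: OPENSSL_ia32cap unset or AES-NI not masked"; rc=1; }
    sudoers_keeps "$2" ||
        { echo "sudoers: env_keep does not list OPENSSL_ia32cap"; rc=1; }
    case " $3 " in
        *" OPENSSL_ia32cap "*|*" OPENSSL_ia32cap="*) ;;
        *) echo "postfix: postfix_import_environment lacks OPENSSL_ia32cap"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "workaround complete"
    return "$rc"
}

# Constructed sample files holding the lines quoted in the post.
d=$(mktemp -d)
printf '%s\n' 'export OPENSSL_ia32cap="~0x200000200000000"' > "$d/profile"
printf '%s\n' 'Defaults env_keep += "OPENSSL_ia32cap"' > "$d/sudoers"
audit_workaround "$d/profile" "$d/sudoers" 'OPENSSL_ia32cap'
rm -rf "$d"
```

On a server, the arguments would be /opt/zimbra/.bash_profile, the sudoers file, and the current postfix_import_environment value; a non-zero exit names the step that is missing.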
gsilva
Posts: 17
Joined: Tue Apr 10, 2018 3:55 pm

Re: Zimbra SSL Labs F Grade

Post by gsilva » Mon May 07, 2018 11:39 am

Good morning. I resolved my problem by updating to the Zimbra 8.8.8 version.

Now my current grade is A.
