I ran the test at https://www.ssllabs.com/ssltest/ and my grade was F.
Look at this message:
Zimbra - This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure.
How can I fix this?
Zimbra SSL Labs F Grade
Re: Zimbra SSL Labs F Grade
You should always give the full output of the following command:
zmcontrol -v
If you're not on the current version then I'd suggest you upgrade.
Regards
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Re: Zimbra SSL Labs F Grade
Thanks my friend, I fixed that problem with this:
Fix OpenSSL padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Edit /opt/zimbra/.bash_profile - add the following to the end of user zimbra's .bash_profile (requires root privs):
# workaround CVE-2016-2107
export OPENSSL_ia32cap="~0x200000200000000"
Edit sudoers - add the following line to your sudoers (/etc/sudoers or whatever is appropriate for your platform):
Defaults env_keep += "OPENSSL_ia32cap"
Configure postfix - instructs postfix to honor the desired environment variable:
$ zmlocalconfig -e postfix_import_environment='OPENSSL_ia32cap'
But now I need to resolve another issue:
This server supports anonymous (insecure) suites (see below for details). Grade set to F.
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
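Added example, not part of the original posts: a shell check that all three pieces of the workaround above are in place and that the mask really turns off the AES-NI code path. The function names, argument layout and sample files are assumptions made for this illustration; the bit numbers come from OpenSSL's OPENSSL_ia32cap documentation.

```shell
#!/bin/sh
# Added example (not from the thread): audit the CVE-2016-2107 workaround.
VAR=OPENSSL_ia32cap

# Decode a "~0x..." value into the CPU features OpenSSL stops using.
# Bit numbers 57 and 33 are from OpenSSL's OPENSSL_ia32cap documentation.
masked_features() {
    case $1 in "~0x"*) m=${1#"~"} ;; *) echo invalid; return 0 ;; esac
    case ${m#0x} in ""|*[!0-9a-fA-F]*) echo invalid; return 0 ;; esac
    out=
    if [ $(( ($m >> 57) & 1 )) -eq 1 ]; then out="$out AESNI"; fi
    if [ $(( ($m >> 33) & 1 )) -eq 1 ]; then out="$out PCLMULQDQ"; fi
    echo "${out# }"
}

# audit_workaround PROFILE SUDOERS IMPORT_ENV
#   PROFILE and SUDOERS are file paths; IMPORT_ENV is the current value of
#   postfix_import_environment. Prints "ok" or "missing: <pieces>".
audit_workaround() {
    missing=
    val=$(sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$VAR=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    case " $(masked_features "$val") " in
        *" AESNI "*) ;;
        *) missing="$missing profile" ;;
    esac
    # Commented-out Defaults lines do not count.
    if ! grep -Eq "^[[:space:]]*Defaults[^#]*env_keep[[:space:]]*\+?=.*$VAR" "$2"; then
        missing="$missing sudoers"
    fi
    found=no
    for w in $(printf '%s' "$3" | tr ',' ' '); do
        if [ "${w%%=*}" = "$VAR" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then missing="$missing postfix"; fi
    if [ -n "$missing" ]; then echo "missing:$missing"; else echo ok; fi
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# workaround CVE-2016-2107' \
    'export OPENSSL_ia32cap="~0x200000200000000"' > "$demo/bash_profile"
printf '%s\n' 'Defaults env_keep += "OPENSSL_ia32cap"' > "$demo/sudoers"
printf '%s\n' '# Defaults env_keep += "OPENSSL_ia32cap"' > "$demo/sudoers.bad"

audit_workaround "$demo/bash_profile" "$demo/sudoers" "OPENSSL_ia32cap"   # ok
audit_workaround "$demo/bash_profile" "$demo/sudoers.bad" "MAIL_CONFIG"   # missing: sudoers postfix
```

On a real host, pass /opt/zimbra/.bash_profile, your sudoers file and the current postfix_import_environment value instead of the sample files.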