I did the test of https://www.ssllabs.com/ssltest/ and my grade it was F.
Look at this message:
Zimbra - this server is vulnerable to the openssl padding oracle vulnerability (cve-2016-2107) and insecure.
How can I fix this?
- Zimbra Collaboration 8.6 Patch 9 now available (includes fix for CVE-2017-8802). Read the announcement.
- Zimbra Collaboration 8.8.7 + Zimbra Connector for Outlook 8.8.7 are available.. Read the announcement.
- Are you a Zimbra Developer? You can find some interesting stuff in our Official GitHub: https://github.com/Zimbra and check the Community Projects too: https://github.com/Zimbra-Community/
[SOLVED] Zimbra SSL Labs F Grade
Re: Zimbra SSL Labs F Grade
You should always give the full output of the followind command:
If you're not on the current version then I'd suggest you upgrade.
Code: Select all
xmcontrol -vIf you're not on the current version then I'd suggest you upgrade.
Regards
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Bill
Rspamd: A high performance spamassassin replacement
If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
Re: Zimbra SSL Labs F Grade
Thanks my friend, I fixed that problem with this:
Corrigir OpenSSL padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Edit /opt/zimbra/.bash_profile - add the following to the end of user zimbra's .bash_profile (requires root privs):
# workaround CVE-2016-2107
export OPENSSL_ia32cap="~0x200000200000000"
Edit sudoers - add the following line to your sudoers (/etc/sudoers or whatever is appropriate for your platform):
Defaults env_keep += "OPENSSL_ia32cap"
Configure postfix - instructs postfix to honor the desired environment variable:
$ zmlocalconfig -e postfix_import_environment='OPENSSL_ia32cap'
But now, I need resolve another issue:
This server supports anonymous(insecure)suites(see below for details). Grade set to F.
This server supports weak Diffie-Hellman(DH) key exchange parameters. Grade capped to B.
Corrigir OpenSSL padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
Edit /opt/zimbra/.bash_profile - add the following to the end of user zimbra's .bash_profile (requires root privs):
# workaround CVE-2016-2107
export OPENSSL_ia32cap="~0x200000200000000"
Edit sudoers - add the following line to your sudoers (/etc/sudoers or whatever is appropriate for your platform):
Defaults env_keep += "OPENSSL_ia32cap"
Configure postfix - instructs postfix to honor the desired environment variable:
$ zmlocalconfig -e postfix_import_environment='OPENSSL_ia32cap'
But now, I need resolve another issue:
This server supports anonymous(insecure)suites(see below for details). Grade set to F.
This server supports weak Diffie-Hellman(DH) key exchange parameters. Grade capped to B.
Re: Zimbra SSL Labs F Grade
Good morning I resolved my problem updating to the Zimbra 8.8.8 version.
Now my current grade is A.
Now my current grade is A.
Return to “Installation and Upgrade”
Who is online
Users browsing this forum: No registered users and 12 guests