Zimbra 7 TLS 1.2 Support

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
Charan
Posts: 1
Joined: Tue Nov 27, 2018 9:48 pm

Zimbra 7 TLS 1.2 Support

Post by Charan »

We have a customer, where they are on Zimbra 7 , and are using TLS 1.0 connection. We want to upgrade the TLS version to at least 1.2. Please let me know, if we can do that, and what steps I need to perform for the same.

Thanks
User avatar
L. Mark Stone
Ambassador
Ambassador
Posts: 2796
Joined: Wed Oct 09, 2013 11:35 am
Location: Portland, Maine, US
ZCS/ZD Version: 10.0.6 Network Edition
Contact:

Re: Zimbra 7 TLS 1.2 Support

Post by L. Mark Stone »

Charan wrote:We have a customer, where they are on Zimbra 7 , and are using TLS 1.0 connection. We want to upgrade the TLS version to at least 1.2. Please let me know, if we can do that, and what steps I need to perform for the same.

Thanks
Zimbra 7 is so far past end of life it is not even listed in Zimbra's current life cycle policy: https://www.zimbra.com/support/support- ... lifecycle/

Suggest your customer do a side-by-side migration a currently supported version of Zimbra.

FWIW, I can confirm that Zimbra 8.8.10 works well with the proxy component limited to TLS 1.2 only. You can read my blog post about this here: http://www.missioncriticalemail.com/201 ... nly-tls12/

Hope that helps,
Mark
___________________________________
L. Mark Stone
Mission Critical Email - Zimbra VAR/BSP/Training Partner https://www.missioncriticalemail.com/
AWS Certified Solutions Architect-Associate
User avatar
mutface
Posts: 29
Joined: Sat Sep 13, 2014 12:32 am
Location: Hong Kong
Contact:

Re: Zimbra 7 TLS 1.2 Support

Post by mutface »

I personally much prefer Zimbra 7 to Zimbra 8.x - there's virtually nothing new in Zimbra 8.x; even the interface and user experience seems to be a step backward.

So we are currently looking at ways to get TLS1.2 to work on Zimbra 7.

It looks like this directory might be relevant:-
/opt/zimbra/java/jre/lib/security/

and then we have to update the ciphers....

Will keep you posted on how we get on.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra 7 TLS 1.2 Support

Post by phoenix »

mutface wrote:I personally much prefer Zimbra 7 to Zimbra 8.x -
You're wrong and foolhardy to think that, there are many security fixes in the recent versions of ZCS - if you value the security of your users and ZCS server then you'd be advised to upgrade at the earliest opportunity.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
mutface
Posts: 29
Joined: Sat Sep 13, 2014 12:32 am
Location: Hong Kong
Contact:

Re: Zimbra 7 TLS 1.2 Support

Post by mutface »

Name 3 security fixes that are critical.

The user interface for Zimbra 8 is not as good as Zimbra 7; that's my personal preference.
phoenix
Ambassador
Ambassador
Posts: 27272
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

Re: Zimbra 7 TLS 1.2 Support

Post by phoenix »

mutface wrote:Name 3 security fixes that are critical.
You must be joking! The security of your server is your responsibility, if you can't be bothered to check for yourself I'm certainly not going to do it and I think your attitude to the security of your server and the security of your users totally irresponsible.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
User avatar
jogerj
Posts: 6
Joined: Wed Jul 22, 2020 9:10 am

Re: Zimbra 7 TLS 1.2 Support

Post by jogerj »

mutface wrote:Name 3 security fixes that are critical.

The user interface for Zimbra 8 is not as good as Zimbra 7; that's my personal preference.
Heartbleed for one.

If you're dependent on Zimbra's user interface you're doing it wrong. Just use another mail client like Outlook to get stuff off/on your mail server.

Running outdated server is very irresponsible and you may be liable if your client get hacked because you discouraged them from upgrading.
Post Reply