ZCS 8.6: SMTPS is using insecure TLS/SSL settings

AWSguy
Posts: 12
Joined: Sat Sep 13, 2014 3:52 am

ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Post by AWSguy »

Hi all,

I've successfully managed to get an A+ rating from Qualys SSL Labs for my Zimbra webmail settings running on port 443.

However, when I use HT Bridge's SSL scanner (https://www.htbridge.com/ssl) to scan port 465 (SMTPS), I am receiving an "F" rating for that port.

The problems listed are:

- Weak DH parameter (1028 bits)
- 4 insecure ciphers
- Vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107)
- And a few other minor ones.

I have tried using the Postfix PCI Compliance wiki document (https://wiki.zimbra.com/wiki/Postfix_PC ... nce_in_ZCS), but with no luck in improving my rating.

Any advice on how to improve SMTPS security?

Thanks in advance!
largonet
Posts: 2
Joined: Fri Mar 24, 2017 12:55 pm

Re: ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Post by largonet »

Hi all!
I have the same problem:

- Vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107)



[zimbra@srv-mail ~]$ openssl version
OpenSSL 1.0.1j 15 Oct 2014
[zimbra@srv-mail ~]$ /opt/zimbra/bin/zmcontrol -v
Release 8.6.0_GA_1153.RHEL7_64_20141215151110 RHEL7_64 FOSS edition, Patch 8.6.0_P4.
[zimbra@srv-mail ~]$
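
Added example, not part of any post in this thread: a shell check that classifies an `openssl version` line against the upstream releases that fixed CVE-2016-2107 (OpenSSL 1.0.1t and 1.0.2h). The function name and the status words are assumptions made for this example; suffixed builds such as `-fips` are reported separately because distributions backport fixes without changing the version letter.

```shell
#!/bin/sh
# Added example: does this `openssl version` line predate the CVE-2016-2107 fix?
# Upstream fixed the flaw in 1.0.1t and 1.0.2h; other branches are not judged here.

cve_2016_2107_status() {
    # $1: one line exactly as printed by `openssl version`
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$ver" ] || { echo unknown; return; }

    case "$ver" in
        # e.g. 1.0.1e-fips: vendor build, the fix may be backported
        *-*) echo check-vendor; return ;;
    esac

    base=$(printf '%s' "$ver" | sed 's/[a-z]*$//')      # 1.0.1j -> 1.0.1
    letter=$(printf '%s' "$ver" | sed 's/^[0-9.]*//')   # 1.0.1j -> j

    case "$base" in
        1.0.1) fixed=t ;;
        1.0.2) fixed=h ;;
        *) echo unknown; return ;;   # branch not covered by this check
    esac

    # Patch letters sort alphabetically; a release with no letter sorts first.
    if awk -v a="$letter" -v b="$fixed" 'BEGIN { exit !(a < b) }'; then
        echo missing-fix
    else
        echo fixed
    fi
}

# Version string quoted in the post above.
cve_2016_2107_status 'OpenSSL 1.0.1j 15 Oct 2014'
```

Feed it the output of the `openssl` binary that the SMTPS listener actually uses; a version string only shows whether the fix release is installed, so rescan port 465 after upgrading.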
philreynolds16
Posts: 11
Joined: Sat Sep 13, 2014 2:23 am

Re: ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Post by philreynolds16 »

I was wondering if you ever figured this out? Facing the same problem.