I have 8.7.11 installed, and initially ran "zmdhparam set -new 3072". Later I thought everything was OK until I checked the SSL settings using sslscan from GitHub. There it showed I had some 1024-bit keys. I double-checked using "openssl s_client -connect mail1:443 -cipher "EDH" | grep "Server Temp Key"" and this returned "Server Temp Key: DH, 1024 bits". Running this on the other mail server I do get "DH, 3072 bits".
First, is this stored in LDAP, the MySQL database, or in the file /opt/zimbra/conf/dhparam.pem? I moved the file dhparam.pem to a temp directory and reran zmdhparam set -new 3072. I see a new file with the timestamp of when I ran the command. Restarted Zimbra, and again I still have 1024 bit.
Can anyone help please? Quite sure I am doing something wrong here, but don't know what to correct.
Help set dhparam - stuck with 1024 at moment
Re: Help set dhparam - stuck with 1024 at moment
So I have finally been able to successfully run zmdhparam set -new 3072, and when I run openssl s_client -connect mail1:443 -cipher "EDH" | grep "Server Temp Key" locally I do get Server Temp Key: DH, 3072 bits now. However, when I run sslscan I still get:
Anyone have any ideas or suggestions?
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 1024 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 1024 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits