Please excuse me if this is in the wrong section.
Last week I upgraded our office server from v8.7.6 to 8.8.8 as part of our plans to make the server PCI compliant. I also followed some guides to harden the server. At some point, the web interface stopped working.
I can get the login page, I can enter my login details, and once I click 'log in' nothing happens; it just sits there 'waiting for server'. I have searched the nginx logs but they show nothing out of the ordinary. I have compared the config files to my home installation (which I upgraded beforehand as a test) and nothing is different. I'm at a loss.
I must point out that I CAN log in via port 8443, so I believe it is a proxy side of things.
Can anyone point me in the right direction on where to look or how to fix this? I can provide logs etc if needed.
Thanks in advance
T
Cannot login via the proxy
Re: Cannot login via the proxy
Days later, I've fixed it.
I set up a test server and discovered things stopped working when I made changes to mailboxd_java_options.
After adding '-Djavax.net.debug=ssl,handshake,data' to the options and tailing /opt/zimbra/log/zmmailboxd.out I got the following:
qtp1684106402-147, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported
javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
qtp1684106402-147, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
qtp1684106402-147, WRITE: TLSv1.2 Alert, length = 2
qtp1684106402-147, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
Further searching led me to the following file
/opt/zimbra/jetty_base/start.d/setuid.ini
and the line
zimbraMailboxdSSLProtocols=SSLv2Hello TLSv1.1 TLSv1.2
Adding 'TLSv1' to that line and performing a 'zmcontrol restart' fixed it.
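An added example, not part of the original post: a Python triage script that reads javax.net.debug output in the format quoted above, counts handshakes rejected for their protocol version, and checks each requested protocol against the zimbraMailboxdSSLProtocols line. The function names are hypothetical, and the sample log reuses the post's lines plus one constructed line with a different thread id.

```python
import re

# Matches only the "fatal error" line, so the exception and rethrow lines
# that repeat the same message are not counted twice.
REJECT_RE = re.compile(
    r"^(?P<thread>\S+), fatal error: \d+: "
    r"Client requested protocol (?P<proto>\S+) not enabled or not supported",
    re.MULTILINE,
)

# Constructed sample: lines from the post, plus one constructed line (-152).
SAMPLE_LOG = """\
qtp1684106402-147, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported
javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
qtp1684106402-147, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
qtp1684106402-147, WRITE: TLSv1.2 Alert, length = 2
qtp1684106402-147, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported
qtp1684106402-152, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported
"""
SAMPLE_INI_LINE = "zimbraMailboxdSSLProtocols=SSLv2Hello TLSv1.1 TLSv1.2"


def enabled_protocols(ini_line):
    """Return the set of protocol names listed after the '=' sign."""
    _key, _sep, value = ini_line.partition("=")
    return set(value.split())


def report(log_text, ini_line):
    """Summarise rejected handshakes per requested protocol.

    'enabled' is False when the protocol is absent from the configured
    list, True when the log entries predate a config change.
    """
    enabled = enabled_protocols(ini_line)
    summary = {}
    for match in REJECT_RE.finditer(log_text):
        proto = match.group("proto")
        entry = summary.setdefault(
            proto, {"count": 0, "threads": set(), "enabled": proto in enabled}
        )
        entry["count"] += 1
        entry["threads"].add(match.group("thread"))
    for entry in summary.values():
        entry["threads"] = sorted(entry["threads"])
    return summary


if __name__ == "__main__":
    for proto, info in report(SAMPLE_LOG, SAMPLE_INI_LINE).items():
        print(proto, info)
```

A protocol reported with `enabled` set to False is one that a connecting client still requests and the mailbox server refuses, which is the mismatch the debug output in the post exposed.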