[Info] SSL/TLS requirements of the Outlook Connector

[cs8rfe]

Just for information. I was not able to find this information anywhere, so I would like to share it here.

The Outlook Connector Version 8.7.10.1711 seems to support only SSL3 and TLSv1.0. If your Zimbra Server has disabled both, the Connector will not connect and throw errors like

Code: Select all

### ERROR ### WinHttpSendRequest(xxxxx.com:443) for 'AuthRequest' at 'UserSession::Auth#1746' returned ERROR_WINHTTP_CONNECTION_ERROR after 0ms. Client network adaptor down, or ZCS not running? SendRequestIntSynchronous#1654

I recorded the connecting attempts with Wireshark and saw only SSL3 and TLS1.0 Client Helos.
After re-enabling TLS1.0 with zmprov mcf zimbraReverseProxySSLProtocols TLSv1 the Outlook Connector worked as expected.

I haven’t found any informations about TLS1.2 support but I hope this will come soon because this is security related.

If you have more information on this topic, I would be glad to hear them

[phoenix]

I haven’t found any informations about TLS1.2 support but I hope this will come soon because this is security related.

If you have more information on this topic, I would be glad to hear them

Why don't you take a look in bugzilla to see if there's been any bug report or an RFE filed , if there is you can always vote on it and add your comments or file a bug report/RFE yourself or get in touch with Zimbra Support to voice your concerns.

[cs8rfe]

I haven’t thought of Bugzilla, thanks.

Seems to be on low priority and not very popular but is addressing the same problem.
https://bugzilla.zimbra.com/show_bug.cgi?id=100132
https://bugzilla.zimbra.com/show_bug.cgi?id=104976

By the way, the Zimbra Migrator seems to have the same lack of TLS1.2 support.
https://bugzilla.zimbra.com/show_bug.cgi?id=107660


This could be why there is no TLS1.0 exclude in this HowTo:
https://wiki.zimbra.com/wiki/How_to_obt ... urity_Test