Zimbra Forums

Zimbra Collaboration & Zimbra Desktop Forums
https://forums.zimbra.org/

SSL certificate related vulnerability

https://forums.zimbra.org/viewtopic.php?t=20059

Page 1 of 1

SSL certificate related vulnerability

Posted: Thu Nov 04, 2010 5:37 am
by k_k
Hi,
After doing vulnerability assessment, we found below SSL related vulnerability :
1. SSL medium and weak cipher suites supported.

2. SSL certiicate signed with weak hashing algorithm

(The SSL certificate is signed using MD5 algorithm. This algorithm is weak and is vlunerable to collision attacks. )

3. SSL / TLS renegotiation handshakes MiTM plaintext data injection


Is there any way to fix this on permenent base ??
Please help me in this regards,
KK

SSL certificate related vulnerability

Posted: Mon Nov 08, 2010 1:38 am
by k_k
Guys...please suggest regarding this concern...

SSL certificate related vulnerability

Posted: Sun Apr 10, 2011 11:50 pm
by k_k
Can anyone please suggest what is the right way to fix these vulnerabilities ???

SSL certificate related vulnerability

Posted: Mon Apr 11, 2011 8:30 am
by lytledd
[quote user="k_k"]Can anyone please suggest what is the right way to fix these vulnerabilities ???[/QUOTE]
We got the same report from McAfee's scan. And, I found this wiki entry:
Cipher suites - Zimbra :: Wiki
Doug
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited