Poodle - SSLv3 still active on SMTP-SSL (port 465) after using Wiki to disable
Posted: Thu Oct 16, 2014 4:21 am
Hi,
We have used the Wiki entry:
https://wiki.zimbra.com/wiki/How_to_disable_SSLv3
to disable SSLv3 in Zimbra 8.5 (3042 patch 8.5.0_P2) with Proxy.
For the MTA we ran:
zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3'
as zimbra, then restarted, and checked on port 25 with:
openssl s_client -connect mail.example.com:25 -ssl3 -starttls smtp
and got a good 'ssl handshake failure'.
However the server is still responding to SSLv3 requests on SMTP-SSL port 465 using the following command (from the Wiki):
timeout 3 openssl s_client -connect mail.example.com:465 -ssl3
After completing the Wiki, checking all other ports gives the correct 'ssl handshake failure', except port 465, where SSLv3 is still being happily negotiated...
Has anyone any idea why?
Thanks for your time!
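The two checks in the post can be scripted so every port gets the same verdict. This is an added example, not part of the original post or the Zimbra wiki; the function names are hypothetical, the sample outputs are constructed and abridged, and it assumes the OpenSSL 1.0.x `s_client` layout, which prints a `Protocol : SSLv3` session line even when the handshake fails (with `Cipher : 0000`), so the cipher has to be checked as well.

```sh
# Added example: classify `openssl s_client ... -ssl3` output (assumed 1.0.x layout).
classify_sslv3_probe() {
    out=$(printf '%s\n' "$1" | tr -d '\r')
    # First "Protocol :" / "Cipher :" lines of the SSL-Session block.
    proto=$(printf '%s\n' "$out" | awk -F': *' '/^[[:space:]]*Protocol[[:space:]]*:/ {print $2; exit}')
    cipher=$(printf '%s\n' "$out" | awk -F': *' '/^[[:space:]]*Cipher[[:space:]]*:/ {print $2; exit}')
    if [ "$proto" = "SSLv3" ] && [ -n "$cipher" ] && [ "$cipher" != "0000" ]; then
        echo negotiated      # a real cipher was agreed: SSLv3 is still enabled
    elif printf '%s\n' "$out" | grep -qi 'handshake failure'; then
        echo rejected        # the result the post calls "good"
    else
        echo inconclusive    # timeout, refused, or a client built without -ssl3
    fi
}

# Runs one of the post's checks. Usage: probe_sslv3 HOST PORT [STARTTLS_PROTO]
probe_sslv3() {
    host=$1; port=$2
    if [ -n "$3" ]; then set -- -starttls "$3"; else set --; fi
    res=$(timeout 3 openssl s_client -connect "$host:$port" -ssl3 "$@" </dev/null 2>&1) || true
    printf '%s: %s\n' "$port" "$(classify_sslv3_probe "$res")"
}

# Constructed, abridged sample outputs (not captured from a real server).
SAMPLE_NEGOTIATED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'

SAMPLE_REJECTED='CONNECTED(00000003)
...:error:...:sslv3 alert handshake failure:...
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000'

# Example calls, using the post's host and ports:
#   probe_sslv3 mail.example.com 25 smtp
#   probe_sslv3 mail.example.com 465
```

An `inconclusive` result should be rechecked by hand rather than treated as a pass, since it includes the case where the local OpenSSL build no longer accepts `-ssl3`.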