How to obtain an A+ in the Qualys SSL Labs Security Test - Open Wiki

jorgedlcruz
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Postby jorgedlcruz » Wed Jun 24, 2015 5:51 am

Hi guys,


I am writing the following Wiki article about how to obtain the best score in the Qualys SSL Labs Security Test using the different Zimbra Collaboration releases:



It is a Community Contribution Wiki that you can edit if you have a Wiki account. If you have some expertise, tweaks, or extra input, please add it to the Wiki, or leave the feedback here. It would be great to have the best result in that test using Zimbra Collaboration, in its different releases.


I'm waiting to hear from you.


Best regards!



Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
Fabio S. Schmidt
Advanced member
Posts: 183
Joined: Fri Apr 25, 2014 12:42 pm

Postby Fabio S. Schmidt » Wed Jun 24, 2015 7:57 am

Hi Jorge,

Congratulations on another great initiative!

Postby Fabio S. Schmidt » Wed Jun 24, 2015 8:10 am

Hi Jorge,



What are the recommendations to fix the Logjam issue in the IMAP, POP and SMTP services? I mean, for the 8.6 version.



Zimbra 8.0.9 is already Poodle free, isn't it?



Thank you!

Postby jorgedlcruz » Wed Jun 24, 2015 8:35 am

Hi Fabio, I'm testing Logjam in my lab; I will come back later and update the Wiki.



Zimbra 8.0.9 should come with the Poodle fix, but the truth is that I downloaded it from the website and did a vanilla install 3 times, and I always had the Poodle issue, so following the steps in the Security Wiki fixes it.



It is really strange, as I also thought that 8.0.9 came with Poodle fixed.
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/

Postby Fabio S. Schmidt » Wed Jun 24, 2015 8:51 am

Hi Jorge,



Thanks for the feedback. If there is anything that I could do to help with these tests, just let me know.

Postby jorgedlcruz » Fri Jun 26, 2015 9:35 am

Hi Fabio,


Following the steps in this Wiki, I obtain A+ with Proxy, or A without Proxy, in Zimbra Collaboration 8.6:



Then, if I try the following test, https://tools.keycdn.com/logjam, on the different ports:



  • 993

  • 995

  • 465


In all of them I obtain the result that we are free of Logjam:



Yesterday I updated it with the procedure to protect Zimbra Collaboration 8.6 without Proxy, which is not recommended.


Best regards!

Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
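
A local counterpart to the port-by-port Logjam test described in the post above, as an added example that is not part of the original thread: it reads `openssl s_client` output and reports the Diffie-Hellman temporary key size. The 2048-bit threshold, the function names, the placeholder host and the sample excerpts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify the ephemeral key a TLS
# service presents when only DHE suites are offered.
MIN_DH_BITS=2048   # assumed minimum acceptable DH group size

# Read `openssl s_client` output on stdin; print ok:<bits>, weak:<bits>
# or no-dhe (no "Server Temp Key: DH" line, i.e. no DHE handshake seen).
classify_temp_key() {
    awk -v min="$MIN_DH_BITS" '
        /^Server Temp Key: DH,/ {
            bits = $5 + 0
            verdict = (bits >= min) ? "ok:" : "weak:"
            print verdict bits
            found = 1
            exit
        }
        END { if (!found) print "no-dhe" }
    '
}

# Probe one implicit-TLS port (993, 995, 465) with DHE-only ciphers.
# A failed connection also yields no-dhe, so confirm reachability first.
check_port() {
    openssl s_client -connect "$1:$2" -cipher 'EDH' -tls1_2 \
        </dev/null 2>/dev/null | classify_temp_key
}

# Constructed s_client excerpts, for illustration only.
SAMPLE_WEAK='SSL handshake has read 1850 bytes and written 421 bytes
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384'
SAMPLE_OK='Server Temp Key: DH, 2048 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384'
SAMPLE_ECDH='Server Temp Key: ECDH, P-256, 256 bits
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# Live use (mail.example.com is a placeholder host):
#   for p in 993 995 465; do echo "$p $(check_port mail.example.com "$p")"; done
```

A `no-dhe` verdict on a reachable port means the server did not complete a DHE handshake, so it has no weak DH group to present on that port.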

Postby Fabio S. Schmidt » Fri Jun 26, 2015 11:37 am

Hi Jorge,



Thank you very much for the effort and congratulations on the work; you make all the difference to the Zimbra community.

Postby jorgedlcruz » Fri Jun 26, 2015 6:34 pm

Hi Fabio,


Thank you so much for your words, I've updated the Wiki and now we have:



  • Zimbra Collaboration 8.6 with Proxy - A+

  • Zimbra Collaboration 8.6 without Proxy - A

  • Zimbra Collaboration 8.0.9 with Proxy - A

  • Zimbra Collaboration 8.0.9 without Proxy - A


In 8.0.9 I have the following in the SSL Labs scan, which I think is the reason for not obtaining the A+:


Downgrade attack prevention No, TLS_FALLBACK_SCSV not supported (more info)


If you have any suggestion that I can test to improve these results, let me know. But for now you can find good results in the Wiki.


Best regards

Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/

Postby jorgedlcruz » Sat Jun 27, 2015 9:03 am

Hi guys,


The steps for Zimbra Collaboration 8.7 are also included, just a few commands and Zimbra Collaboration 8.7 is fully secure :)



Waiting for your feedback.


Best regards

Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/

Postby Fabio S. Schmidt » Sat Jun 27, 2015 11:32 am

Hi,



Is there any way for the community to test Zimbra 8.7?
