The server does not prefer cipher suites
Hi,
I have Zimbra open source 8.8.15 and I have run a security test and it shows "The server does not prefer cipher suites. We advise to enable this feature in order to enforce usage of the best cipher suites selected."
Can someone help me resolve this?
Regards
Re: The server does not prefer cipher suites
Does anyone have any idea?
Re: The server does not prefer cipher suites
Which 'security test' was this? Have you read the wiki article(s) on ciphers?
Re: The server does not prefer cipher suites
Hi, there were a few security scans and all show that I don't have cipher order configured.
I have tried everything
Re: The server does not prefer cipher suites
How about telling me which ones so I can verify them? You also didn't answer if you've read the wiki articles on ciphers.
Re: The server does not prefer cipher suites
https://www.immuniweb.com/ssl/
Yes, I have read everything. I have been facing this problem for a few days and have read everything about ciphers in the wiki and on Google.
Re: The server does not prefer cipher suites
Well, I've run that test and I don't see that message anywhere. I'd suggest you use the articles here:
https://wiki.zimbra.com/wiki/How_to_obt ... urity_Test
https://www.huuphan.com/2017/07/zimbra-qualys-a.html
Make the required changes and try the test again.
Re: The server does not prefer cipher suites
Hi,
The problem is on port 25; on this port it shows this problem, not on 443.
Regards
Re: The server does not prefer cipher suites
spinx wrote: The problem is on port 25, on this port it shows this problem not on 443.
You should have mentioned that to start with, a full description of a problem and your attempts to fix it go a long way to an earlier resolution.
It's my understanding (although I'm no expert) that this feature requires:
tls_preempt_cipherlist = yes
Re: The server does not prefer cipher suites
This is a good change. MTA encryption is usually opportunistic and will use plaintext so it's not a huge deal. That is a good tool though. Nessus did not find this on 25 for me.
The feature is since ssl3 so is still correct for tls.
Again, not much gain if you still support the worst ciphersuite of them all, NULL, but that's the evil of email.
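Added example (not part of the thread, and not Zimbra or Postfix code): one way to re-check from outside whether the MTA on port 25 enforces its own cipher order after a change such as `tls_preempt_cipherlist = yes`. It offers two suites over STARTTLS in both orders and compares what the server picks; the suite pair, the function names and the TLS 1.2 cap are assumptions of this example.

```python
import smtplib
import ssl
import sys

# Assumed probe pair: two TLS 1.2 suites most RSA-certificate MTAs accept.
SUITE_A = "ECDHE-RSA-AES128-GCM-SHA256"
SUITE_B = "ECDHE-RSA-AES256-GCM-SHA384"

def negotiated_cipher(host, ciphers, port=25, timeout=10):
    """STARTTLS to host:port offering `ciphers` in client order; return the chosen suite or None."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # handshake probe only: no mail or credentials are sent
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not govern TLS 1.3 suites
    ctx.set_ciphers(ciphers)
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=ctx)
            return smtp.sock.cipher()[0]
    except OSError:                 # covers ssl.SSLError and smtplib.SMTPException
        return None

def classify(a, b, only_a, only_b, a_first, b_first):
    """Interpret four probe results: each suite alone, then both suites in each order."""
    if only_a != a or only_b != b:
        return "inconclusive"       # server rejects one suite, so order cannot be compared
    if a_first == b_first and a_first in (a, b):
        return "server-order"       # same pick whatever the client listed first
    if a_first == a and b_first == b:
        return "client-order"       # server followed the client's first choice each time
    return "inconclusive"

def check_preference(host, a=SUITE_A, b=SUITE_B, probe=negotiated_cipher):
    """Run the four probes against host and classify the result."""
    return classify(a, b, probe(host, a), probe(host, b),
                    probe(host, f"{a}:{b}"), probe(host, f"{b}:{a}"))

if __name__ == "__main__":
    print(check_preference(sys.argv[1]))
```

A result of `client-order` matches the scanner finding quoted at the top of the thread; `inconclusive` means the server did not accept both suites, so pick a different pair it supports.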