The documentation is here:
https://wiki.zimbra.com/wiki/Enable_TLS1.3
I found that I also had to issue these commands:
Code: Select all
zmprov mcf -zimbraMailboxdSSLProtocols TLSv1
zmprov mcf -zimbraMailboxdSSLProtocols TLSv1.1
zmprov mcf +zimbraMailboxdSSLProtocols TLSv1.3
Code: Select all
zmprov gcf zimbraMtaSmtpTlsProtocols
zmprov gcf zimbraMtaSmtpdTlsProtocols
zmprov gcf zimbraMtaSmtpTlsMandatoryProtocols
zmprov gcf zimbraMtaSmtpdTlsMandatoryProtocols
I now get a B grade because of weak ciphers. I looked at the Zimbra wiki and it seems to be out of date. It shows last updated as of Zimbra 8.6
https://wiki.zimbra.com/wiki/Cipher_suites
Does anybody know what the latest version of cipher suites should be that only include TLSv1.2 and TLSv1.3 and pass modern SSL check sites?