Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

Official Zimbra news, events, releases, and updates.
Post Reply
User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

Post by jorgedlcruz »

Fixed, we are also looking for what reason the TinyMCE do this strange things.



Thank you for your feedback metux!
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
Top
ljramos
Posts: 40
Joined: Fri Sep 12, 2014 10:42 pm
Location: USA
ZCS/ZD Version: 8.8.15_GA_3869.RHEL7_64_20190917004
Contact:
Contact ljramos

Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

Post by ljramos »

This is a good write-up for that

http://blog.capitar.com/getting-a-bette ... bs-rating/
Top
metux
Advanced member
Advanced member
Posts: 146
Joined: Mon Jul 28, 2014 6:21 pm

Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

Post by metux »

Interesting that we need the proxy for better SSL security.



hmm, why not completely offloading all the SSL handling (and probably other security stuff) to the proxy and so make mailbox a bit thinner ?
Top
n.sossonko
Advanced member
Advanced member
Posts: 68
Joined: Sat Sep 13, 2014 2:14 am

Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

Post by n.sossonko »

PSA: See https://wiki.zimbra.com/wiki/Security/Collab/86#MTA where there's some commentary on additional steps for 8.6. Specifically, these changes should be made as well:



postconf -e lmtp_tls_mandatory_protocols='!SSLv2, !SSLv3'

postconf -e smtp_tls_mandatory_protocols='!SSLv2, !SSLv3'

postconf -e smtpd_tls_mandatory_protocols='!SSLv2, !SSLv3'
Top
Post Reply

Return to “Announcements”