Code: Select all
I've tried this article:
https://wiki.zimbra.com/wiki/How_to_obt ... urity_Test
and run (as user zimbra)
Code: Select all
zmdhparam set -new 2048
and then ran "zmproxyctl restart" and I still have the same issue of "weak DH keys" according to Qualys SSL test.
I've also edited "/opt/zimbra/conf/nginx/templates/nginx.conf.web.https.default.template" and "/opt/zimbra/conf/nginx/templates/nginx.conf.web.http.template" replacing:
Code: Select all
${web.ssl.dhparam.enabled}ssl_dhparam ${web.ssl.dhparam.file};
with
Code: Select all
${web.ssl.dhparam.enabled}ssl_dhparam /opt/zimbra/conf/dhparam.pem
and run zmproxyctl restart and I still have the same issue!
I can see /opt/zimbra/conf/dhparam.pem has the date/time modification stamp from when I ran the zmdhparam command from above, but it seems it is not being picked up.
I can also see that zmdhparam modifies zimbraSSLDHParam by running "zmprov gcf zimbraSSLDHParam"
Any idea why running the commands from the article above doesn't seem to work on my install?
Thank you,
Robert