Zimbra Enabling SSLv3

(Formally Chit Chat) Anything Goes (Almost). Should be somehow Zimbra or communication related.
Post Reply
Koala
Posts: 9
Joined: Sat Nov 26, 2022 8:34 pm

Zimbra Enabling SSLv3

Post by Koala »

Hello all,

I have Zimbra version 10. However, my customers cannot use Zimbra 10 because they are still using Ubuntu version 9 and Mozilla version 5.
Will enabling SSLv3 solve the problem?

Apart from that, I have tried to install Thunderbird on Ubuntu 9, but the incoming email is still not coming, I can only send emails from Ubuntu 9.

Any advise? apart from updating the Ubuntu OS, because that is not possible now.

Thank You.
ghen
Outstanding Member
Outstanding Member
Posts: 257
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 9.0.0

Re: Zimbra Enabling SSLv3

Post by ghen »

Apart from the usual advice of not using such horribly outdated and unsupported software ...
What `openssl version` do you have on Ubuntu 9? It could be that re-enabling TLS v1.0 is enough (as this TLS version was disabled in recent Zimbra patches). I really wouldn't re-enable SSLv3 on anything Internet connected.

Depending on whether you use nginx proxy or connect directly to mailboxd without proxy:

with proxy:

Code: Select all

zmprov gcf zimbraReverseProxySSLProtocols
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.0
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.1
zmprov gcf zimbraReverseProxySSLProtocols
without proxy:

Code: Select all

zmprov gcf zimbraMailboxdSSLProtocols
zmprov mcf +zimbraMailboxdSSLProtocols TLSv1.0
zmprov mcf +zimbraMailboxdSSLProtocols TLSv1.1
zmprov gcf zimbraMailboxdSSLProtocols
and restart Zimbra.
ghen
Outstanding Member
Outstanding Member
Posts: 257
Joined: Thu May 12, 2016 1:56 pm
Location: Belgium
ZCS/ZD Version: 9.0.0

Re: Zimbra Enabling SSLv3

Post by ghen »

Oh, and for proxy, you'll also need to disable FIPS mode, and set OpenSSL security level to 0 (append @SECLEVEL=0 to cipherstring).

See https://wiki.zimbra.com/wiki/FIPS and further instructions linked there.
Post Reply