8.8.15 Patch 15 - How to enable TLS v 1.3 support?

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Outstanding Member
Outstanding Member
Posts: 221
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: 8.8.15.GA.3829.UBUNTU14.64 -Patch 1

8.8.15 Patch 15 - How to enable TLS v 1.3 support?

Postby davidkillingsworth » Wed Jan 13, 2021 4:57 am


I noticed in the release note for Zimbra 8.8.15 Patch 15 that OpenSSL and Postfix TLS 1.3 support has been implemented:
https://wiki.zimbra.com/wiki/Zimbra_Rel ... 3_Packages

I also noticed in the release notes for Zimbra 8.8.15 Patch 17 that Nginx 1.19.0 support for TLSv1.3 has been implemented.

I do note that these are listed as "beta."

Does that mean that we can go ahead and enable TLS v 1.3 support?

If so, how do we do so and what are the implications?

If we do not have any Outlook 2010 clients, can or should we disable TLS v 1.0 and 1.1 support?


Posts: 5
Joined: Thu Jan 14, 2021 1:13 pm

Re: 8.8.15 Patch 15 - How to enable TLS v 1.3 support?

Postby jjakob » Thu Jan 14, 2021 1:28 pm

I tried to enable TLSv1.3 in 8.8.15p17, but nginx complained:

Code: Select all

[warn] 9488#0: invalid value "TLSv1.3" in /opt/zimbra/conf/nginx/includes/nginx.conf.web.https.default:41

Apparently TLSv1.3 is only available via a beta repository you need to manually add: https://wiki.zimbra.com/wiki/Nginx_PackageUpgrade
I'm not sure why this beta functionality was advertised in the patch 17 release. If you read the not bold and orange text, it links you to the above URL mentioning the beta package, which is easy to miss (since you're distracted by the bold orange text saying p17 adds support for TLSv1.3)

My updated Ubuntu 16.04 system only has zimbra-proxy-patch version p16. zimbra-patch is at p17 as expected. So not all component patches seem to be included in the main patch release.

Return to “Administrators”

Who is online

Users browsing this forum: Majestic-12 [Bot] and 7 guests