Page 2 of 2 FirstFirst 12
Results 11 to 12 of 12

Thread: Penetration testing of zimbra server

  1. #11
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Vannes, France
    Rep Power


    Quote Originally Posted by SmithMartinChristopher View Post
    I have now opened a ticket and have excluded what Support suggested. No dice on a fix.
    In addition, you should follow-up on the support case and if their answer really didn't work then get it confirmed as a bug and vote on it.


    Acompli: A new adventure for Co-Founder KevinH.

  2. #12
    Join Date
    May 2012
    Rep Power


    I got another mail from the support now, with some helpful links.

    Somebody already sent a bugreport about this problem for ZCS Version 7.1.4 (Bug 77756 – Setting attribute zimbraSSLExcludeCipherSuites does not exclude the cipher suite).

    There you have a link to openssl with mappings from cipher suites: OpenSSL: Documents, ciphers(1)

    I just used the mappings and excluded the ciphers again with the mapped name. Tomorrow when the vulnerabilit scanner comes by at the IP:Port where I had
    the problem I will know if it really solved my problem or not. I will let you know the result of this.

    In the bug report is also a link where you find the cipher suites supported by java/jetty: Java Cryptography Architecture Sun Providers Documentation

    Maybe this will help you guys.

    ADDED Fri 5 Oct 2012 15:54 CET:

    Ok guys, Nessus still reported the ciphers I excluded, also the ones that I excluded again two days ago with the name from the openssl mappings page. I will try to test it with sslscan and see if the result is different. But I don't know yet when I will find the time to do so.
    Last edited by boumi; 10-05-2012 at 06:56 AM.

Similar Threads

  1. Replies: 2
    Last Post: 12-28-2009, 03:21 PM
  2. Testing JDK 1.6.x with Zimbra 5.0.x
    By jsabater in forum Administrators
    Replies: 6
    Last Post: 03-26-2009, 03:18 AM
  3. Replies: 2
    Last Post: 10-02-2008, 12:56 PM
  4. Replies: 1
    Last Post: 09-19-2007, 11:42 AM
  5. copy/migrate users to new server for upgrade testing
    By mrluohua in forum Administrators
    Replies: 0
    Last Post: 03-05-2007, 07:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts