Hi all,

I use Zimbra 8.0.0 FOSS Edition on CentOS 6. After running a scan and testing the SSL configuration of my server, I decided to disable certain SSL cipher suites. These are the ones I disabled:
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Using this command:
zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_DSS_WITH_DES_CBC_SHA

My problem is, the last one (TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) does not get disabled.
I can see that the command was picked up, because I find it in /opt/zimbra/jetty-distribution-7.6.2.z4/etc/jetty.xml.
But when I run the SSL test again it still shows that TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is active. All other cipher suites are disabled as expected.

Looking forward to your help.

Best,
Daniel
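
An added example, not part of the original post and not Zimbra or Jetty code: it cross-checks the names in a jetty.xml exclusion list against the suite names the JVM itself reports, to catch an entry that is present in the file but matches nothing. The XML fragment, its element layout, and the JVM suite list are constructed samples. It assumes exclusions are compared to JVM names by exact string match.

```python
import xml.etree.ElementTree as ET

# Constructed fragment; the element layout is assumed, not copied from a Zimbra install.
SAMPLE_JETTY_XML = """
<Configure>
  <Set name="excludeCipherSuites">
    <Array type="java.lang.String">
      <Item>SSL_RSA_WITH_3DES_EDE_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
    </Array>
  </Set>
</Configure>
"""

# Constructed sample of names a JVM might return from
# SSLServerSocketFactory.getSupportedCipherSuites(); replace with real output.
SAMPLE_JVM_SUITES = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

def excluded_suites(jetty_xml):
    """Collect every <Item> under a <Set name="excludeCipherSuites">."""
    names = []
    for node in ET.fromstring(jetty_xml).iter("Set"):
        if node.get("name") == "excludeCipherSuites":
            names += [i.text.strip() for i in node.iter("Item") if i.text]
    return names

def prefix_twin(name):
    """Same suite name with the SSL_/TLS_ prefix swapped, or None."""
    if name.startswith("SSL_"):
        return "TLS_" + name[4:]
    if name.startswith("TLS_"):
        return "SSL_" + name[4:]
    return None

def audit(excluded, jvm_suites):
    """Report exclusions that match no JVM suite, and suites left enabled."""
    jvm = set(jvm_suites)
    ineffective = []
    for name in excluded:
        if name not in jvm:
            twin = prefix_twin(name)
            # Suggest the twin only if the JVM really knows it under that name.
            ineffective.append((name, twin if twin in jvm else None))
    return {"ineffective": ineffective,
            "still_enabled": sorted(jvm - set(excluded))}
```

Any suite listed under `still_enabled` that the scan flags as weak needs an exclusion entry under the exact name the JVM uses.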