When the SSL Server Test from https://www.ssllabs.com/ssltest/ is run against our Zimbra 8.0.5 installation, the Overall Rating returned is only a "C":

Certificate 100%
Protocol Support 90%
Key Exchange 40%
Cipher Strength 60%

The potential issues listed are: DoS danger because Secure Client-Initiated Renegotiation is allowed, BEAST attack, forward secrecy, etc., and some ciphers considered weak are also allowed.


I just tried to improve this situation by following the instructions in "Setting up Zimbra for strong ciphers only | Liberty Systems & Software":

before: zimbraReverseProxySSLCiphers: !SSLv2:!MD5:HIGH
after: zimbraReverseProxySSLCiphers: ADH:!eNULL:!aNULL:!DHE-RSA-AES256-SHA:!SSLv2:!MD5:RC4:HIGH

but it changed nothing (after a complete restart). What else would you suggest doing?

Thanks & regards!