ZCS 8.6: SMTPS is using insecure TLS/SSL settings

AWSguy
Posts: 12
Joined: Sat Sep 13, 2014 3:52 am

ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Postby AWSguy » Thu Aug 11, 2016 5:26 pm

Hi all,

I've successfully managed to get an A+ rating from Qualys SSL Labs for my Zimbra webmail settings running on port 443.

However, when I use HT Bridge's SSL scanner (https://www.htbridge.com/ssl) to scan port 465 (SMTPS), I am receiving an "F" rating for that port.

The problems listed are:

- Weak DH parameter (1028 bits)
- 4 insecure ciphers
- Vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107)
- And a few other minor ones.

I have tried using the Postfix PCI Compliance wiki document (https://wiki.zimbra.com/wiki/Postfix_PC ... nce_in_ZCS), but with no luck in improving my rating.

Any advice on how to improve SMTPS security?

Thanks in advance!


largonet
Posts: 1
Joined: Fri Mar 24, 2017 12:55 pm

Re: ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Postby largonet » Fri Mar 24, 2017 7:17 pm

Hi all!
I have the same problem:

- Vulnerable to OpenSSL padding-oracle flaw (CVE-2016-2107)



[zimbra@srv-mail ~]$ openssl version
OpenSSL 1.0.1j 15 Oct 2014
[zimbra@srv-mail ~]$ /opt/zimbra/bin/zmcontrol -v
Release 8.6.0_GA_1153.RHEL7_64_20141215151110 RHEL7_64 FOSS edition, Patch 8.6.0_P4.
[zimbra@srv-mail ~]$


philreynolds16
Posts: 10
Joined: Sat Sep 13, 2014 2:23 am

Re: ZCS 8.6: SMTPS is using insecure TLS/SSL settings

Postby philreynolds16 » Mon Apr 17, 2017 8:40 pm

I was wondering if you ever figured this out? Facing the same problem.
