Fixing the POODLE (SSLv3) vulnerability (ZCS 7.x, ZCS 8.0.x, ZCS 8.x)

jorgedlcruz
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Postby jorgedlcruz » Fri Oct 31, 2014 7:37 pm

Fixed; we are also looking into why TinyMCE does these strange things.

Thank you for your feedback, metux!


Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
ljramos
Posts: 39
Joined: Fri Sep 12, 2014 10:42 pm
ZCS/ZD Version: 8.8.10_GA_3039.RHEL7_64_2018092809

Postby ljramos » Fri Dec 19, 2014 9:26 am

This is a good write-up for that

http://blog.capitar.com/getting-a-better-zimbra-ssl-labs-rating/
metux
Advanced member
Posts: 146
Joined: Mon Jul 28, 2014 6:21 pm

Postby metux » Fri Dec 19, 2014 3:13 pm

Interesting that we need the proxy for better SSL security.

Hmm, why not completely offload all the SSL handling (and probably other security stuff) to the proxy and so make the mailbox a bit thinner?
n.sossonko
Advanced member
Posts: 68
Joined: Sat Sep 13, 2014 2:14 am

Postby n.sossonko » Thu Jan 15, 2015 7:34 am

PSA: See https://wiki.zimbra.com/wiki/Security/Collab/86#MTA where there's some commentary on additional steps for 8.6. Specifically, these changes should be made as well:

postconf -e lmtp_tls_mandatory_protocols='!SSLv2, !SSLv3'
postconf -e smtp_tls_mandatory_protocols='!SSLv2, !SSLv3'
postconf -e smtpd_tls_mandatory_protocols='!SSLv2, !SSLv3'
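
A way to confirm that the three settings from the post above took effect, as an added example that is not part of the thread or of Zimbra's tooling. The function name `check_tls_protocols`, the verdict labels and the sample input are this example's own; the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three Postfix settings above.
# Reads "name = value" lines, the format postconf prints, on stdin.
# Verdicts: OK (SSLv2 and SSLv3 both ruled out), WEAK (one is still permitted),
# MISSING (parameter absent from input), UNKNOWN (unrecognised token, review by hand).
check_tls_protocols() {
    awk -v params="lmtp_tls_mandatory_protocols smtp_tls_mandatory_protocols smtpd_tls_mandatory_protocols" '
    function classify(v,    n, i, t, tok, incl, in2, in3, ex2, ex3) {
        # Postfix accepts whitespace, commas or colons between protocol names.
        n = split(v, tok, /[ \t,:]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (t !~ /^!?(SSLv2|SSLv3|TLSv1|TLSv1\.[123])$/) return "UNKNOWN"
            if (t == "!SSLv2") ex2 = 1
            else if (t == "!SSLv3") ex3 = 1
            else if (t == "SSLv2") in2 = 1
            else if (t == "SSLv3") in3 = 1
            if (t !~ /^!/) incl++
        }
        # Any name without "!" turns the list into an allowlist.
        if (incl > 0) return ((in2 && !ex2) || (in3 && !ex3)) ? "WEAK" : "OK"
        return (ex2 && ex3) ? "OK" : "WEAK"
    }
    {
        pos = index($0, "=")
        if (pos == 0) next
        name = substr($0, 1, pos - 1); gsub(/[ \t]/, "", name)
        val[name] = substr($0, pos + 1)
    }
    END {
        n = split(params, p, " ")
        for (i = 1; i <= n; i++) {
            r = (p[i] in val) ? classify(val[p[i]]) : "MISSING"
            print p[i] ": " r
            if (r != "OK") bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: smtp_tls_mandatory_protocols was left without !SSLv3.
SAMPLE='lmtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = !SSLv2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3'

printf '%s\n' "$SAMPLE" | check_tls_protocols || echo "SSLv3 not fully disabled"
```

On a live host, pipe `postconf lmtp_tls_mandatory_protocols smtp_tls_mandatory_protocols smtpd_tls_mandatory_protocols` into the function; it prints the effective values in the same format.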
