SSL certificate related vulnerability

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
k_k
Posts: 46
Joined: Fri Sep 12, 2014 11:55 pm

SSL certificate related vulnerability

Postby k_k » Thu Nov 04, 2010 5:37 am

Hi,
After doing vulnerability assessment, we found below SSL related vulnerability :
1. SSL medium and weak cipher suites supported.

2. SSL certiicate signed with weak hashing algorithm

(The SSL certificate is signed using MD5 algorithm. This algorithm is weak and is vlunerable to collision attacks. )

3. SSL / TLS renegotiation handshakes MiTM plaintext data injection


Is there any way to fix this on permenent base ??
Please help me in this regards,
KK


k_k
Posts: 46
Joined: Fri Sep 12, 2014 11:55 pm

SSL certificate related vulnerability

Postby k_k » Mon Nov 08, 2010 1:38 am

Guys...please suggest regarding this concern...
k_k
Posts: 46
Joined: Fri Sep 12, 2014 11:55 pm

SSL certificate related vulnerability

Postby k_k » Sun Apr 10, 2011 11:50 pm

Can anyone please suggest what is the right way to fix these vulnerabilities ???
lytledd
Outstanding Member
Outstanding Member
Posts: 509
Joined: Sat Sep 13, 2014 12:54 am
ZCS/ZD Version: Ubuntu Release 8.8.15.GA.P13 FOSS

SSL certificate related vulnerability

Postby lytledd » Mon Apr 11, 2011 8:30 am

[quote user="k_k"]Can anyone please suggest what is the right way to fix these vulnerabilities ???[/QUOTE]
We got the same report from McAfee's scan. And, I found this wiki entry:
Cipher suites - Zimbra :: Wiki
Doug

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 23 guests