Results 1 to 6 of 6

Thread: Z-Admin SSL/TLS Options

  1. #1
    Senior Member
    Join Date
    Dec 2010
    Location
    near Celle, Germany
    Posts
    187

    Z-Admin SSL/TLS Options

    Hi,

    one of the important changed in zarafa 7.1.12 / 7.2 are the enhanced "SSL" settings, especially the possibility to finally disable SSL (v2 and v3) and to force certain ciphers.
    as far as I can see it there it no way to set them via zadmin? will that change?
    can I just edit the server.cfg without any problems with the knowledge, that zadmin may overwrite these changes?

    greetings
    1of16

  2. #2
    Senior Member
    Join Date
    Dec 2012
    Posts
    267
    Hi,

    I doubt that we will have the resources to implement this in the near future. As far as I know, we only selectively rewrite server.cfg, so I would assume this to be safe for now.

    Kind regards,

    Christian

  3. #3
    Senior Member
    Join Date
    Dec 2010
    Location
    near Celle, Germany
    Posts
    187
    Hi Christian,

    ok, but it would be great, if we could select the protocols and ciphers to use for zarafa and postfix at some point.

    atm I had to change the following config-files to disabled ssl3 completely (debian based system):
    in /etc/zarafa/server.cfg I added the following:
    for gateway.cfg and ical.cfg remove the "server_" prefix, otherwise it is the same.

    please note, that you should check for new cipher recommendations here:

    additional you have to alter the /etc/postfix/main.cf:
    restart zarafa-server, zarafa-gateway, zarafa-ical and postfix and you finally got rid of the old crappy ssl3.

    feel free to disabled / firewall the smtps port (not smtp!), because you shouldn't use it anymore

    1of16
    Last edited by 1of16; 22-06-2015 at 09:08 PM. Reason: added gateway and ical

  4. #4
    Senior Member
    Join Date
    Feb 2008
    Location
    Leonberg, Germany
    Posts
    273
    Please note that all PFS-based ciphers (starting with ECDHE or DHE) won't work anyway in Zarafa, because there is still no PFS support (neither in 7.1.x nor in 7.2.x). So ensure that you still have always other ciphers in your Zarafa configuration.
    I install, configure, customize, integrate and maintain Zarafa setups in different environments since 2007. If you want my full attention, please send me a private message and ask for paid support.

  5. #5
    Did you really update only the server.cfg , but you didn't modify the gateway.cfg and ical.cfg accordingly?

  6. #6
    Senior Member
    Join Date
    Dec 2010
    Location
    near Celle, Germany
    Posts
    187
    I neither use imap nor pop, so zarafa-gateway is stopped.
    but you're right, you should edit gateway.cfg and ical.cfg too.

    edit: added informations for gateway and ical.
    Last edited by 1of16; 22-06-2015 at 09:08 PM.

Similar Threads

  1. email header options
    By elmuchacho in forum Installation, Configuration and Maintenance
    Replies: 13
    Last Post: 22-07-2015, 05:26 AM
  2. Too many options given?
    By xcoder in forum WebAccess usage Archives
    Replies: 15
    Last Post: 26-03-2010, 03:42 PM
  3. Question concerning options of Zarafa
    By blackjack97 in forum Installation and Configuration Archives
    Replies: 0
    Last Post: 01-03-2010, 12:11 AM
  4. What options are there for Load balancing?
    By stephen in forum Beta Feedback Archives
    Replies: 4
    Last Post: 26-06-2009, 01:31 PM
  5. WAN usage sync options
    By mwmail in forum Outlook usage Archives
    Replies: 3
    Last Post: 28-04-2009, 09:25 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •