Cipher suites: Difference between revisions

(New page: = Introduction = By default, the Zimbra mailbox server, ''zmmailboxd'', supports both strong and weak SSL/TLS cipher suites for '''IMAPS''', '''POP3S''', and '''HTTPS'''. A typical securi...)
 
(16 intermediate revisions by 8 users not shown)
Line 1: Line 1:
= Introduction =
__FORCETOC__
By default, the Zimbra mailbox server, ''zmmailboxd'', supports both strong and weak SSL/TLS cipher suites for '''IMAPS''', '''POP3S''', and '''HTTPS'''. A typical security requirement is to disable weak ciphers which usually includes SSL versions prior to SSLv3 and any cipher not supporting at least 128 bit.
<div class="col-md-12 ibox-content">
= Cipher suites =
{{KB||{{ZCS 9.0}}|{{ZCS 8.8}}|}}
{{WIP}}


= Enable Strong Ciphers =
= Enable Strong Ciphers =
To enable strong ciphers, weak ciphers must be disabled.  It is often best to run a SSL/TLS cipher scan first to see which ciphers your server currently supports. Once the supported weak ciphers are determined, they can be disabled one by one system wide using the '''zimbraSSLExcludeCipherSuites''' global directory attribute.
Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. (further reading: https://www.internetsociety.org/deploy360/tls/basics)


Disable weak ciphers using the ''zmprov'' command.
In this article you will learn how to configure Zimbra to use only strong encryption ciphers for TLS.
su - zimbra
zmprov mcf zimbraSSLExcludeCipherSuites <cipher>
zmmailboxd restart


Here is ciphers list that excludes SSLv2 and ciphers less than 128 bit for IMAPS, POP3S, and HTTPS.  This list should pass all security scans, so please let  me know if it does not.
= Generate ssl_ciphers for use with zimbraReverseProxySSLCiphers =
zimbraSSLExcludeCipherSuites SSL_DHE_DSS_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites SSL_RSA_EXPORT_WITH_RC4_40_MD5
zimbraSSLExcludeCipherSuites SSL_RSA_WITH_3DES_EDE_CBC_SHA
zimbraSSLExcludeCipherSuites SSL_RSA_WITH_DES_CBC_SHA
zimbraSSLExcludeCipherSuites TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
zimbraSSLExcludeCipherSuites TLS_RSA_WITH_DES_CBC_SHA


Additional security scans will show ciphers not excluded from the configuration.
Since encryption is always evolving it is recommended to use Mozilla SSL Config generator that you can find at https://ssl-config.mozilla.org/


= Bugs =
Select <code>Intermediate</code> and <code>Nginx</code> (Zimbra proxy is based on Nginx) at the time of writing this article this will select nginx 1.17.7 and OpenSSL 1.1.1d. The tool also reports the oldest supported clients that work with this configuration: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9.
Prior to ZCS 5.0.10, the zimbraSSLExcludeCipherSuites attribute values are not picked up by the Jetty configuration for HTTPS. To fix, replace all occurrences of ''zimbraSSLExcludeCipherSuites'' with ''zimbraSSLExcludeCipherSuitesXML'' in ''/opt/zimbra/jetty/etc/jetty.xml.in''.


cd /opt/zimbra/jetty/etc
From the generated config file copy the value from <code>ssl_ciphers</code>:
sed 's/%%zimbraSSLExcludeCipherSuites%%/%%zimbraSSLExcludeCipherSuitesXML%%/g' jetty.xml.in > /tmp/jetty.xml.in.new
cp jetty.xml.in /tmp/jetty.xml.in.old
mv /tmp/jetty.xml.in.new jetty.xml.in
zmmailboxdctl restart


Please see [http://bugzilla.zimbra.com/show_bug.cgi?id=30691 bug 30691] for more details. 
<pre>ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;</pre>
= Configuring Zimbra =


= References =
Configure Zimbra to use the above ciphers, and enable TLSv1.2 and TLSv1.3 like this:
''J2SE cipher list'' http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#SunJSSE


''OpenSSL ciphers list'' http://openssl.org/docs/apps/ciphers.html#SSL_v3_0_cipher_suites_
<pre>zmprov mcf zimbraReverseProxySSLProtocols TLSv1.2
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3


zmprov -l mcf zimbraReverseProxySSLCiphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'


{{Article Footer|Zimbra Collaboration Suite 5.0.9|10/1/2008}}
zmproxyctl restart</pre>
Also configure Zimbra mailbox to allow the use of TLSv1.3. Open in a text editor <code>/opt/zimbra/conf/localconfig.xml</code> find the line <code>mailboxd_java_options</code> and set <code>TLSv1.2,TLSv1.3</code> in <code>https.protocols</code> and <code>jdk.tls.client.protocols</code>. Example result:


[[Category: SSL/TLS]]
<pre>&lt;key name=&quot;mailboxd_java_options&quot;&gt;
[[Category: Mailbox]]
  &lt;value&gt;-server -Dhttps.protocols=TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true&lt;/value&gt;
&lt;/key&gt;</pre>
Then restart mailbox, or reboot your server:
 
<pre>zmmailboxdctl restart</pre>
= Generate DH parameters =
 
Generating DH parameter improves key exchange and mitigates against Logjam attack. Run as Zimbra user. Further reading: https://weakdh.org/
 
<pre>su - zimbra
/opt/zimbra/common/bin/openssl dhparam -out /opt/zimbra/conf/dhparam.pem.zcs 3072
zmprov mcf zimbraSSLDHParam /opt/zimbra/conf/dhparam.pem.zcs</pre>
Reboot the server.
 
= Configure additional HTTP headers =
 
The following headers will:
 
* Enable HTTP Strict Transport Security (HSTS)
* Disable search indexing of your server by Google et al.
 
<pre>zmprov mcf +zimbraResponseHeader &quot;Strict-Transport-Security: max-age=31536000; includeSubDomains&quot;
zmprov mcf +zimbraResponseHeader &quot;X-XSS-Protection: 1; mode=block&quot;
zmprov mcf +zimbraResponseHeader &quot;X-Content-Type-Options: nosniff&quot;
zmprov mcf +zimbraResponseHeader &quot;X-Robots-Tag: noindex&quot;
zmprov mcf zimbraMailKeepOutWebCrawlers TRUE
zmmailboxdctl restart</pre>
= Validate your settings online using SSL Labs =
 
Go to https://www.ssllabs.com/ssltest/analyze.html and enter the the domain name of your Zimbra server. If you followed the steps in this article you should receive an A+ score and there should be no mention of weak ciphers in the report. This article was written in September 2021. In the report take a look at the client devices listed under <code>Handshake Simulation</code> these will give you an idea of the devices your users can use to connect to your Zimbra server. Also validate there are no weak ciphers listed under <code>Cipher Suites</code>.

Revision as of 07:17, 4 September 2021

Cipher suites

   KB 2661        Last updated on 2021-09-4  




0.00
(0 votes)


Enable Strong Ciphers

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. (further reading: https://www.internetsociety.org/deploy360/tls/basics)

In this article you will learn how to configure Zimbra to use only strong encryption ciphers for TLS.

Generate ssl_ciphers for use with zimbraReverseProxySSLCiphers

Since encryption is always evolving it is recommended to use Mozilla SSL Config generator that you can find at https://ssl-config.mozilla.org/

Select Intermediate and Nginx (Zimbra proxy is based on Nginx) at the time of writing this article this will select nginx 1.17.7 and OpenSSL 1.1.1d. The tool also reports the oldest supported clients that work with this configuration: Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20, and Safari 9.

From the generated config file copy the value from ssl_ciphers: 

ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

Configuring Zimbra

Configure Zimbra to use the above ciphers, and enable TLSv1.2 and TLSv1.3 like this: 

zmprov mcf zimbraReverseProxySSLProtocols TLSv1.2
zmprov mcf +zimbraReverseProxySSLProtocols TLSv1.3

zmprov -l mcf zimbraReverseProxySSLCiphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'

zmproxyctl restart

Also configure Zimbra mailbox to allow the use of TLSv1.3. Open in a text editor /opt/zimbra/conf/localconfig.xml find the line mailboxd_java_options and set TLSv1.2,TLSv1.3 in https.protocols and jdk.tls.client.protocols. Example result: 

<key name="mailboxd_java_options">
  <value>-server -Dhttps.protocols=TLSv1.2,TLSv1.3 -Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 -Djava.awt.headless=true -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UseG1GC -XX:SoftRefLRUPolicyMSPerMB=1 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true</value>
</key>

Then restart mailbox, or reboot your server: 

zmmailboxdctl restart

Generate DH parameters

Generating DH parameter improves key exchange and mitigates against Logjam attack. Run as Zimbra user. Further reading: https://weakdh.org/ 

su - zimbra
/opt/zimbra/common/bin/openssl dhparam -out /opt/zimbra/conf/dhparam.pem.zcs 3072
zmprov mcf zimbraSSLDHParam /opt/zimbra/conf/dhparam.pem.zcs

Reboot the server.

Configure additional HTTP headers

The following headers will:

  • Enable HTTP Strict Transport Security (HSTS)
  • Disable search indexing of your server by Google et al.
zmprov mcf +zimbraResponseHeader "Strict-Transport-Security: max-age=31536000; includeSubDomains"
zmprov mcf +zimbraResponseHeader "X-XSS-Protection: 1; mode=block"
zmprov mcf +zimbraResponseHeader "X-Content-Type-Options: nosniff"
zmprov mcf +zimbraResponseHeader "X-Robots-Tag: noindex"
zmprov mcf zimbraMailKeepOutWebCrawlers TRUE
zmmailboxdctl restart

Validate your settings online using SSL Labs

Go to https://www.ssllabs.com/ssltest/analyze.html and enter the the domain name of your Zimbra server. If you followed the steps in this article you should receive an A+ score and there should be no mention of weak ciphers in the report. This article was written in September 2021. In the report take a look at the client devices listed under Handshake Simulation these will give you an idea of the devices your users can use to connect to your Zimbra server. Also validate there are no weak ciphers listed under Cipher Suites.

Retrieved from "http://wiki.zimbra.com/index.php?title=Cipher_suites&oldid=68400"
Jump to: navigation, search