Enabling-AES256-ZCS6

Revision as of 21:49, 25 April 2011 by Fmarques (talk | contribs) (Created page with '== Enabling AES256 with ZCS 6x == Currently the JRE shipped with ZCS 6.x does not support '''AES_256 Cipher Suites'''. As a workaround, you can download the "Cryptography Extens…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Enabling AES256 with ZCS 6x

Currently the JRE shipped with ZCS 6.x does not support AES_256 Cipher Suites. As a workaround, you can download the "Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" from Oracle.com and replace the jar files at the Zimbra installation (for now this workaround is not officially supported but it should work). Please do the following:

- Download Java(TM) Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 from here:

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

- Unzip the file to a temporary directory on the Zimbra server

- Go to /opt/zimbra/java/jre/lib/security/ and backup local_policy.jar and US_export_policy.jar

- Replace US_export_policy.jar and local_policy.jar with the ones from the zip file

- Restart mailboxd with:

su - zimbra ; zmmailboxdctl restart

- Verify that you can connect with your browser using the AES 256 Cipher Suites.

ZCS 7.x ships with AES 256 Cipher Suites, so there is no need to apply this workaround if you are using it.


--Fmarques 21:49, 25 April 2011 (UTC)

Jump to: navigation, search