Excluding RC4 ciphers still shows up in a TLS scan
Excluding RC4 ciphers still shows up in a TLS scan
- This article is a Work in Progress, and may be unfinished or missing sections.
Purpose
Excluding RC4 ciphers still shows up in a TLS scan.
Resolution
For RC4, we have to specify the 'SSL' ciphers in the exclude list as well:
zmprov mcf +zimbraSSLExcludeCipherSuites SSL_RSA_WITH_RC4_128_MD5 zmprov mcf +zimbraSSLExcludeCipherSuites SSL_RSA_WITH_RC4_128_SHA zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA zmmailboxdctl restart
The only change made is that 'TLS' has been replaced with 'SSL' for these specific cipher suites.
Additional Content
- For detailed explanations of and Ciphers and Security, please visit the official [| Security Wiki page].