How to disable TLSv1: Difference between revisions
(Created page with "=How to disable TLSv1= {{KB|{{ZC}}|{{ZCS 8.8}}|{{ZCS 8.7}}||}} {{WIP}} ==Problem== The purpose of this article is to show how to disable TLSv1 on Zimbra server. ==Resolu...") |
|||
Line 15: | Line 15: | ||
1. Disable TLSv1 for proxy server/s: | 1. Disable TLSv1 for proxy server/s: | ||
$ zmprov mcf -zimbraReverseProxySSLProtocols TLSv1 | $ zmprov mcf -zimbraReverseProxySSLProtocols TLSv1 | ||
$ zmproxyctl restart | |||
2. Disable TLSv1 in Jetty for HTTPS, IMAPS, POP3S, and STARTTLS (including LMTP) | 2. Disable TLSv1 in Jetty for HTTPS, IMAPS, POP3S, and STARTTLS (including LMTP) | ||
$ zmprov ms `zmhostname` -zimbraMailboxdSSLProtocols TLSv1 | $ zmprov ms `zmhostname` -zimbraMailboxdSSLProtocols TLSv1 | ||
$ zmmailboxdctl restart | |||
3. Disable TLSv1 for ports 465, 587 and 25: | 3. Disable TLSv1 for ports 465, 587 and 25: | ||
Line 26: | Line 27: | ||
$ zmprov mcf zimbraMtaSmtpTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' | $ zmprov mcf zimbraMtaSmtpTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' | ||
$ zmprov mcf zimbraMtaSmtpdTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' | $ zmprov mcf zimbraMtaSmtpdTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' | ||
$ zmmtactl restart | |||
Revision as of 14:21, 15 May 2019
How to disable TLSv1
- This article is a Work in Progress, and may be unfinished or missing sections.
Problem
The purpose of this article is to show how to disable TLSv1 on Zimbra server.
Resolution
There are couple of components for which we can disable TLSv1:
1. Disable TLSv1 for proxy server/s:
$ zmprov mcf -zimbraReverseProxySSLProtocols TLSv1 $ zmproxyctl restart
2. Disable TLSv1 in Jetty for HTTPS, IMAPS, POP3S, and STARTTLS (including LMTP)
$ zmprov ms `zmhostname` -zimbraMailboxdSSLProtocols TLSv1 $ zmmailboxdctl restart
3. Disable TLSv1 for ports 465, 587 and 25:
$ zmprov mcf zimbraMtaSmtpTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmmtactl restart
These same commands can be used to disable also TLSv1.1 if needed.