How to disable TLSv1: Difference between revisions
Line 32: | Line 32: | ||
These same commands can be used to disable also TLSv1.1 if needed. | These same commands can be used to disable also TLSv1.1 if needed. | ||
As an option, use nmap to check what protocols are active.<br> | |||
<code><pre> | |||
nmap --script ssl-enum-ciphers -p 443 proxy.example.com | |||
</pre></code> | |||
{{Article Footer|Zimbra Collaboration 8.8.11, 8.8.12| 15/05/2019}} | {{Article Footer|Zimbra Collaboration 8.8.11, 8.8.12| 15/05/2019}} | ||
{{NeedSME|SME1|SME2|COPY EDITOR}} | {{NeedSME|SME1|SME2|COPY EDITOR}} |
Revision as of 15:00, 31 March 2021
How to disable TLSv1
Problem
The purpose of this article is to show how to disable TLSv1 on Zimbra server.
Resolution
There are couple of components for which we can disable TLSv1:
1. Disable TLSv1 for proxy server/s:
$ zmprov mcf -zimbraReverseProxySSLProtocols TLSv1 $ zmproxyctl restart
2. Disable TLSv1 in Jetty for HTTPS, IMAPS, POP3S, and STARTTLS (including LMTP)
$ zmprov ms `zmhostname` -zimbraMailboxdSSLProtocols TLSv1 $ zmmailboxdctl restart
3. Disable TLSv1 for ports 465, 587 and 25:
$ zmprov mcf zimbraMtaSmtpTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmmtactl restart
These same commands can be used to disable also TLSv1.1 if needed.
As an option, use nmap to check what protocols are active.
nmap --script ssl-enum-ciphers -p 443 proxy.example.com