How to disable TLSv1
How to disable TLSv1
- This article is a Work in Progress, and may be unfinished or missing sections.
Problem
The purpose of this article is to show how to disable TLSv1 on Zimbra server.
Resolution
There are couple of components for which we can disable TLSv1:
1. Disable TLSv1 for proxy server/s:
$ zmprov mcf -zimbraReverseProxySSLProtocols TLSv1 $ zmproxyctl restart
2. Disable TLSv1 in Jetty for HTTPS, IMAPS, POP3S, and STARTTLS (including LMTP)
$ zmprov ms `zmhostname` -zimbraMailboxdSSLProtocols TLSv1 $ zmmailboxdctl restart
3. Disable TLSv1 for ports 465, 587 and 25:
$ zmprov mcf zimbraMtaSmtpTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmprov mcf zimbraMtaSmtpdTlsMandatoryProtocols '!SSLv2,!SSLv3,!TLSv1' $ zmmtactl restart
These same commands can be used to disable also TLSv1.1 if needed.