Difference between revisions of "Security/Collab/86"

(Protocol version settings)
(Protocol version settings)
Line 19: Line 19:
  
 
The current recommend values for this attribute are:
 
The current recommend values for this attribute are:
 +
<nowiki>
 
TLSv1
 
TLSv1
 
TLSv1.1
 
TLSv1.1
 
TLSv1.2
 
TLSv1.2
 +
</nowiki>
  
 
== Jetty settings ==
 
== Jetty settings ==

Revision as of 23:52, 12 December 2014

Security Settings for Zimbra Collaboration 8.6 series

Proxy settings

Cipher suite settings

The single valued zimbraReverseProxySSLCiphers attribute configures what cipher suites the nginx proxy will allow to be negotiated over SSL. This affects HTTPS when the web proxy is enabled, and POP and IMAP when the mail proxy is enabled.

The current recommended setting is:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4

It can be set using the zmprov mcf command

Protocol version settings

The multi-valued attribute controlling the acceptable TLS protocol versions to be used by the nginx proxy is zimbraReverseProxySSLProtocols

The current recommend values for this attribute are:

TLSv1
TLSv1.1
TLSv1.2
 

Jetty settings

LDAP settings

MTA settings

Jump to: navigation, search