Security/Collab/86

Revision as of 23:41, 12 December 2014 by Quanah (talk | contribs)

Security Settings for Zimbra Collaboration 8.6 series

Proxy settings

Cipher suite settings

The single valued zimbraReverseProxySSLCiphers attribute configures what cipher suites the nginx proxy will allow to be negotiated over SSL. This affects HTTPS when the web proxy is enabled, and POP and IMAP when the mail proxy is enabled.

The current recommended setting is:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4

Protocol version settings

zimbraReverseProxySSLProtocols TLSv1 TLSv1.1 TLSv1.2

Jetty settings

LDAP settings

MTA settings

Jump to: navigation, search