Revision as of 00:59, 13 December 2014 by Quanah (talk | contribs) (Jetty settings)

Security Settings for Zimbra Collaboration 8.6 series

Proxy settings

Cipher suite settings

The single valued zimbraReverseProxySSLCiphers attribute configures what cipher suites the nginx proxy will allow to be negotiated over SSL. This affects HTTPS when the web proxy is enabled, and POP and IMAP when the mail proxy is enabled. It is only possible to set this value in globalconfig.

The current recommended setting is:


It can be set using the zmprov mcf command

Protocol version settings

The multi-valued attribute controlling the acceptable TLS protocol versions to be used by the nginx proxy is zimbraReverseProxySSLProtocols. It can be set at both the globalconfig and server level.

The current recommend values for this attribute are:


The values can be modified to either add or remove a protocl:

To add a protocol at the globalconfig level: zmprov mcf zimbraReverseProxySSLProtocols +protocol

To remove a protocol at the globalconfig value: zmprov mcf zimbraReverseProxySSLProtocols -protocol

If it is desired to have the servers have different protocol level settings, this can be done by setting the values at the server level.

To add a protocol at the server level: zmprov ms hostname zimbraReverseProxySSLProtocols +protocol

To remove a protocol at the server level: zmprov ms hostname zimbraReverseProxySSLProtocols -protocol

Jetty settings

Cipher suite settings

Protocol settings

LDAP settings

MTA settings

Jump to: navigation, search