Enabling-AES256-ZCS6

Currently the JRE shipped with ZCS 6.x does not support AES_256 Cipher Suites. As a workaround, you can download the "Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" from Oracle.com and replace the jar files at the Zimbra installation (this workaround is not officially supported but it should work). Please do the following:

- Download Java(TM) Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6 from here:

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

- Unzip the file to a temporary directory on the Zimbra server

- Go to /opt/zimbra/java/jre/lib/security/ and backup local_policy.jar and US_export_policy.jar

- Replace US_export_policy.jar and local_policy.jar with the ones from the zip file

- Restart mailboxd with:

su - zimbra ; zmmailboxdctl restart

- Verify that you can connect with your browser using the AES 256 Cipher Suites.

ZCS 7.x ships with AES 256 Cipher Suites, so there is no need to apply this workaround if you are using it. Please note that any upgrade will overwrite the jar's, so you have to replace them again after the upgrade.

--Fmarques 21:49, 25 April 2011 (UTC)

Jump to: navigation, search