1

Topic: Does IredMail install cipher suites?

Hi all,

Does IRM install cipher suites when doing a fresh install?

I currently have a Ubuntu16/LAMP/IRM 0.9.7

I test my server @ slllabs and I keep having lots of weak ciphers showing in the testing. I have cleaned up my apache2.conf file, but lots still persist in the testing.

Wondering where else to look, to remove them from the system.

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Does IredMail install cipher suites?

Could you please show us the test result?

3

Re: Does IredMail install cipher suites?

Here Ya Go

Post's attachments

TLS1.1_1.0.jpg
TLS1.1_1.0.jpg 171.17 kb, file has never been downloaded. 

TLS1.2.jpg
TLS1.2.jpg 178.58 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4

Re: Does IredMail install cipher suites?

heeter wrote:

I currently have a Ubuntu16/LAMP/IRM 0.9.7

What's the value of Apache parameter "SSLCipherSuite"?

5

Re: Does IredMail install cipher suites?

Here it is:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

6

Re: Does IredMail install cipher suites?

Try to use these ciphers:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

7

Re: Does IredMail install cipher suites?

ZhangHuangbin wrote:

Try to use these ciphers:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

Hmmm, it wasn't better, it was actually older ciphers.

Do you think that the problem might be in the postfix/main.cf file? Don't know how to edit that file, there are ciphers listed in there

8

Re: Does IredMail install cipher suites?

Please show us all SSL related settings in Apache.