1 Topic by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 65

Topic: Does IredMail install cipher suites?

Hi all,

Does IRM install cipher suites when doing a fresh install?

I currently have a Ubuntu16/LAMP/IRM 0.9.7

I test my server @ slllabs and I keep having lots of weak ciphers showing in the testing. I have cleaned up my apache2.conf file, but lots still persist in the testing.

Wondering where else to look, to remove them from the system.

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Does IredMail install cipher suites?

Could you please show us the test result?

3 Reply by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 65

Re: Does IredMail install cipher suites?

Here Ya Go

Post's attachments

TLS1.1_1.0.jpg
TLS1.1_1.0.jpg 171.17 kb, file has never been downloaded. 

TLS1.2.jpg
TLS1.2.jpg 178.58 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Does IredMail install cipher suites?

heeter wrote:

I currently have a Ubuntu16/LAMP/IRM 0.9.7

What's the value of Apache parameter "SSLCipherSuite"?

5 Reply by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 65

Re: Does IredMail install cipher suites?

Here it is:

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Does IredMail install cipher suites?

Try to use these ciphers:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

7 Reply by heeter

  • heeter
  • Member
  • Offline
  • Registered: 2016-11-22
  • Posts: 65

Re: Does IredMail install cipher suites?

ZhangHuangbin wrote:

Try to use these ciphers:

ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5

Hmmm, it wasn't better, it was actually older ciphers.

Do you think that the problem might be in the postfix/main.cf file? Don't know how to edit that file, there are ciphers listed in there

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,792

Re: Does IredMail install cipher suites?

Please show us all SSL related settings in Apache.