Server has a weak, ephermal Diffie-Hellman public key (Zimbra 7)

Chrome error:

weak dh key error in chrome

Firefox error:

weak dh key error in firefox

The recommended workaround is to update Zimbra, but there’s an easy workaround: Disabling the insecure ciphers.

/opt/zimbra/bin/zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_AES_128_CBC_SHA
/opt/zimbra/bin/zmprov mcf +zimbraSSLExcludeCipherSuites TLS_DHE_RSA_WITH_AES_256_CBC_SHA
/opt/zimbra/bin/zmprov mcf +zimbraSSLExcludeCipherSuites SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
/opt/zimbra/bin/zmmailboxdctl restart

Source:
https://wiki.zimbra.com/wiki/Disabling_the_use_of_weak_DH_keys_in_Zimbra_Collaboration_mailboxd

Advertisements
Server has a weak, ephermal Diffie-Hellman public key (Zimbra 7)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s