Zimbra is aware of a newly disclosed SSL/TLS vulnerability that provides a potential malicious actor with a method to perform a Man-in-the-Middle (MitM) attack — the vulnerability is referred to as Logjam.
Similar to FREAK, this attack targets export-grade encryption, specifically Diffie-Hellman key exchanges.
For more information on the attack and how this applies to Zimbra, please head over to the security group.
For 8.0.x customers: In 8.0.x, Java 1.7 is used. Unfortunately, in Java 1.7, the DH parameters are hard-coded to 768 bits (excluding when using export cipher suites, which use 512 bits, but those should already be disabled). The workaround is to use the (Nginx) Proxy always. The other option is to disable all DHE suites. Which has the side effect of losing forward secrecy for any user agents that do not support ECDHE. (ref: http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html