Hello Zimbra Partners, Customers & Friends,
In the latest Zimbra patch, Zimbra 9.0.0 “Kepler” Patch 13 and 8.8.15 “James Prescott Joule” Patch 20, the following packages are now GA:
- OpenSSL 1.1.1h support for TLS 1.3.
- OpenSSL 1.1.1h with FIPS module support.
- Postfix 3.5.6 support for TLSv1.3
- Nginx 1.19.0 support for TLSv1.3
Why is this important for you?
TLS 1.3 is a new encryption protocol update that is both faster (reducing HTTPS overhead) and more secure than TLS 1.2. TLS 1.3 removes obsolete and insecure features from TLS 1.2.
TLS is Transport Layer Security, the successor to SSL (secure sockets layer), providing secure communication between web browsers and servers. For more information on TLS 1.3, visit this blog.
If you have any questions, please send an email to zimbra-team@zimbra.com.
Thank you,
Your Zimbra Team
This is great, but are there any instructions on anything we need to do to disable TLS 1.1 or 1.2 or how this might affect email clients, mobile devices, etc.
Hi David – Please visit forums.zimbra.com and ask there. The community will be able to point you in the right direction. In the meantime, I will find more info on this to add to this blog post. Thanks!
Hi David – I received this response from our team … The answer depends on if the users on the Zimbra infrastructure use dated devices, as turning things off will cut off support for old phones, and not up-to-date operating systems.
In any case they could take a look at:
https://www.missioncriticalemail.com/2018/11/12/zimbra-security-tip-use-only-tls12/
https://wiki.zimbra.com/wiki/How_to_disable_TLSv1
https://www.ssllabs.com/ssltest/
I hope this helps!