Nginx TLS 1.3 Beta release
NOTE: Beta features are not supported and should not be installed on production systems. Beta modules have been provided for evaluation in lab environments only.
Upgraded 3rd Party Nginx from version 1.7.1 to 1.19.0
- Nginx 1.19.0 support for TLSv1.3
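You must add the repository to your local RHEL/CentOS yum configuration. Each command below overwrites any existing /etc/yum.repos.d/zimbra.repo, so keep a copy of the current file if you will need to switch back to the production repository. The stanzas leave gpgcheck=1 enabled and set no gpgkey, so the repository signing key must already be trusted by rpm on the host.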
ZCS 8.8.15
RHEL6
root@zimbra8815:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/8815-tls1_3-beta/rhel6
gpgcheck=1
enabled=1
EOF
RHEL7
root@zimbra8815:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/8815-tls1_3-beta/rhel7
gpgcheck=1
enabled=1
EOF
RHEL8
root@zimbra8815:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/8815-tls1_3-beta/rhel8
gpgcheck=1
enabled=1
EOF
ZCS 9.0.0
RHEL6
root@zimbra90:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/90-tls1_3-beta/rhel6
gpgcheck=1
enabled=1
EOF
RHEL7
root@zimbra90:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/90-tls1_3-beta/rhel7
gpgcheck=1
enabled=1
EOF
RHEL8
root@zimbra90:~# cat > /etc/yum.repos.d/zimbra.repo <<EOF
[zimbra]
name=Zimbra RPM Repository
baseurl=https://repo.zimbra.com/rpm/90-tls1_3-beta/rhel8
gpgcheck=1
enabled=1
EOF
-
As root, first clear the yum cache and check for updates so the server sees all updated packages in the repository:
yum clean metadata
yum check-update
-
Then ask yum to update available packages:
yum update
-
Restart ZCS as the zimbra user:
su - zimbra
zmcontrol restart
-
As root, first clear the yum cache and check for updates so the server sees all updated packages in the repository:
yum clean metadata
yum check-update
-
Then upgrade the packages:
yum install zimbra-proxy-patch
-
Restart ZCS as the zimbra user:
su - zimbra
zmcontrol restart
ZCS 8.8.15
UBUNTU14
root@zimbra8815:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta trusty zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta trusty zimbra
EOF
UBUNTU16
root@zimbra8815:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta xenial zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta xenial zimbra
EOF
UBUNTU18
root@zimbra8815:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta bionic zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/8815-tls1_3-beta bionic zimbra
EOF
ZCS 9.0.0
UBUNTU14
root@zimbra90:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta trusty zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta trusty zimbra
EOF
UBUNTU16
root@zimbra90:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta xenial zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta xenial zimbra
EOF
UBUNTU18
root@zimbra90:~/# cat > /etc/apt/sources.list.d/zimbra.list << EOF
deb [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta bionic zimbra
deb-src [arch=amd64] https://repo.zimbra.com/apt/90-tls1_3-beta bionic zimbra
EOF
-
As root, check for updates so the server sees all updated packages in the repository:
apt-get update
-
Then update available packages:
apt-get upgrade
-
Restart ZCS as the zimbra user:
su - zimbra
zmcontrol restart
-
Upgrade the packages:
apt-get update
apt-get install zimbra-proxy-patch
-
Restart ZCS as zimbra user:
su - zimbra
zmcontrol restart
ZCS 8.8.15 OpenSSL and Postfix TLS 1.3 Beta Packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18
zimbra-nginx : 1.19.0-1zimbra8.8b1
zimbra-proxy-components : 1.0.6-1zimbra8.8b1
zimbra-proxy-patch : 8.8.15.1607930110.p17-1
ZCS 9.0.0 OpenSSL and Postfix TLS 1.3 Beta Packages for RHEL6, RHEL7, RHEL8, UBUNTU14, UBUNTU16, UBUNTU18
zimbra-nginx : 1.19.0-1zimbra8.8b1
zimbra-proxy-components : 1.0.6-1zimbra8.8b1
zimbra-proxy-patch : 9.0.0.1607929581.p10-1
-
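Add TLSv1.3 to the existing zimbraReverseProxySSLProtocols value. The example keeps the protocols that were already configured on the server; TLSv1 and TLSv1.1 are deprecated (RFC 8996) and can be left out of the new value if no client still needs them: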
$ zmprov gcf zimbraReverseProxySSLProtocols
zimbraReverseProxySSLProtocols: TLSv1 TLSv1.1 TLSv1.2
$ zmprov mcf zimbraReverseProxySSLProtocols 'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3'
-
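Add the TLSv1.3 cipher TLS_AES_256_GCM_SHA384 to the existing zimbraReverseProxySSLCiphers value. After the proxy restart at the end of this step, confirm that a TLSv1.3 connection negotiates the expected protocol and suite, for example with `openssl s_client -connect HOST:PORT -tls1_3` (HOST and PORT are placeholders for your proxy endpoint):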
$ zmprov gcf zimbraReverseProxySSLCiphers
zimbraReverseProxySSLCiphers: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
$ zmprov mcf zimbraReverseProxySSLCiphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:TLS_AES_256_GCM_SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'
$ zmproxyctl restart