You can easily disable all DHE ciphers, just set zimbraSSLDHParam to an empty value: zmprov mcf zimbraSSLDHParam '' (that's an empty value between quotes).
Btw, DHE ciphers are not vulnerable or "weak" in a cryptographic sense (when using a strong group), and FIPS mode will not disable them, but D(HE)ater is indeed a potential performance issue.
However virtually every client today supports ECDHE as well, so you can safely disable DHE ciphers.
Btw, DHE ciphers are not vulnerable or "weak" in a cryptographic sense (when using a strong group), and FIPS mode will not disable them, but D(HE)ater is indeed a potential performance issue.
However virtually every client today supports ECDHE as well, so you can safely disable DHE ciphers.
Statistics: Posted by ghen — Fri Apr 19, 2024 2:37 pm