Patch by Robert Scheck <robert@fedoraproject.org> for Zarafa >= 7.1.12 which re-adds the whole
documentation that was initially proposed to upstream but lost when this feature was backported
from Zarafa 7.2 to the 7.1 series.
Proposed to upstream via e-mail on Sat, 8 Mar 2014 14:30:29 +0100, initial patch was put into
the upstream ticket https://jira.zarafa.com/browse/ZCP-12143.
--- zarafa-7.1.12/doc/manual.xml 2015-04-07 12:03:31.000000000 +0200
+++ zarafa-7.1.12/doc/manual.xml.ssl_protocols_ciphers 2015-04-07 17:05:47.000000000 +0200
@@ -4226,14 +4226,35 @@
</varlistentry>
<varlistentry>
- <term><option>server_ssl_enable_v2</option></term>
+ <term><option>server_ssl_protocols</option></term>
<listitem>
- <para>Incoming SSL connections normally are v3.</para>
- <para>Default: <replaceable>no</replaceable>
- </para>
+ <para>Disabled or enabled protocol names. Supported protocol names
+ are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+ and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+ OpenSSL 1.0.1 or later there is additional support for the new protocols
+ <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+ To exclude both, SSLv2 and SSLv3 set <option>server_ssl_protocols</option>
+ to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+ and these connections should not be accepted.</para>
+ <para>Default: <replaceable>!SSLv2</replaceable></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>server_ssl_ciphers</option></term>
+ <listitem>
+ <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+ <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>server_ssl_prefer_server_ciphers</option></term>
+ <listitem>
+ <para>Prefer the server's order of SSL ciphers over client's.</para>
+ <para>Default: <replaceable>no</replaceable></para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsection>
@@ -8090,11 +8111,32 @@
</varlistentry>
<varlistentry>
- <term><option>ssl_enable_v2</option></term>
+ <term><option>ssl_protocols</option></term>
+ <listitem>
+ <para>Disabled or enabled protocol names. Supported protocol names
+ are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+ and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+ OpenSSL 1.0.1 or later there is additional support for the new protocols
+ <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+ To exclude both, SSLv2 and SSLv3 set <option>ssl_protocols</option>
+ to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+ and these connections should not be accepted.</para>
+ <para>Default: <replaceable>!SSLv2</replaceable></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>ssl_ciphers</option></term>
<listitem>
- <para>Accept SSLv2 only connections. SSLv2 is considered
- unsafe, and these connections should not be
- accepted.</para>
+ <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+ <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>ssl_prefer_server_ciphers</option></term>
+ <listitem>
+ <para>Prefer the server's order of SSL ciphers over client's.</para>
<para>Default: <replaceable>no</replaceable></para>
</listitem>
</varlistentry>
@@ -10091,11 +10133,32 @@
</varlistentry>
<varlistentry>
- <term><option>ssl_enable_v2</option></term>
+ <term><option>ssl_protocols</option></term>
+ <listitem>
+ <para>Disabled or enabled protocol names. Supported protocol names
+ are <replaceable>SSLv2</replaceable>, <replaceable>SSLv3</replaceable>
+ and <replaceable>TLSv1</replaceable>. If Zarafa was linked against
+ OpenSSL 1.0.1 or later there is additional support for the new protocols
+ <replaceable>TLSv1.1</replaceable> and <replaceable>TLSv1.2</replaceable>.
+ To exclude both, SSLv2 and SSLv3 set <option>ssl_protocols</option>
+ to <replaceable>!SSLv2 !SSLv3</replaceable>. SSLv2 is considered unsafe
+ and these connections should not be accepted.</para>
+ <para>Default: <replaceable>!SSLv2</replaceable></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>ssl_ciphers</option></term>
+ <listitem>
+ <para>SSL ciphers to use, set to <replaceable>ALL</replaceable> for backward compatibility.</para>
+ <para>Default: <replaceable>ALL:!LOW:!SSLv2:!EXP:!aNULL</replaceable></para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>ssl_prefer_server_ciphers</option></term>
<listitem>
- <para>Accept SSLv2 only connections. SSLv2 is considered
- unsafe, and these connections should not be
- accepted.</para>
+ <para>Prefer the server's order of SSL ciphers over client's.</para>
<para>Default: <replaceable>no</replaceable></para>
</listitem>
</varlistentry>