Hi,
we are a long-time Zimbra user. Since we started using S/MIME for encrypted email communication, we are experiencing problems with decrypting emails on iOS devices when the email is sent from the Zimbra WebUI.
When an email is sent from Thunderbird or Outlook, it is possible to read these mails on iOS. We did a lot of tests and in the end it came down to weak ciphers used in the Zimbra WebUI.
Zimbra is using rc2-cbc, which seems not to be accepted by iOS devices. Thunderbird, for example, is using AES-128 CBC.
This affected versions 8.7, 8.8.15 and 10 (also the new UI). You can check the algorithms with the following command.
openssl cms -in email.eml -cmsout -print
On 8.7 we actually tried to decompile the zimlet and fix the problem ourselves. Here are some code snippets.
It fixed the problem with iOS devices, but it broke other things and in the end we never used it.
Code:
public static void signMessage(final MimeMessage mimeMessage, final X509Certificate cert, final PrivateKey pvtKey)
        throws SMIMEException, IOException, MessagingException, CertificateEncodingException, OperatorCreationException {
    final SMIMESignedGenerator gen = new SMIMESignedGenerator();
    final ASN1EncodableVector signedAttrs = new ASN1EncodableVector();
    // Ciphers the sender advertises as S/MIME capabilities
    final SMIMECapabilityVector caps = new SMIMECapabilityVector();
    caps.addCapability(SMIMECapability.dES_EDE3_CBC);
    caps.addCapability(SMIMECapability.aES192_CBC);
    caps.addCapability(SMIMECapability.dES_CBC);
    // ...
Code:
// Encrypt the message content with AES-192-CBC through the BouncyCastle ("BC") provider
final MimeBodyPart encryptedPart = encrypter.generate(mimeMessage,
        new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES192_CBC).setProvider("BC").build());
mimeMessage.setContent(encryptedPart.getContent(), encryptedPart.getContentType());
mimeMessage.saveChanges();
Is anybody using the S/MIME function of Zimbra and experiencing the same problems?
Regards
Statistics: Posted by IDontUseArchBTW — Thu Dec 21, 2023 10:14 am
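The check from the post above, scripted, as an added example that is not part of the original post: it picks the content-encryption cipher out of the `openssl cms -cmsout -print` output (skipping the key-encryption algorithm that is listed first) and flags rc2-cbc. The function names, the verdict policy and the abridged sample output are assumptions constructed for this example.

```shell
# Parse `openssl cms -cmsout -print` text on stdin. The first "algorithm:"
# line belongs to keyEncryptionAlgorithm, so wait for the
# contentEncryptionAlgorithm header before taking one.
content_cipher() {
    awk '
        /contentEncryptionAlgorithm:/ { seen = 1; next }
        seen && /algorithm:/          { print $2; found = 1; exit }
        END                           { if (!found) exit 1 }
    '
}

# Verdict policy is an assumption of this example, not an Apple or Zimbra list.
cipher_verdict() {
    case "$1" in
        rc2*|rc4*|des-cbc) echo WEAK ;;
        des-ede3*)         echo LEGACY ;;
        aes-*)             echo OK ;;
        *)                 echo UNKNOWN ;;
    esac
}

# Run the command from the post on a real file; -noout suppresses the
# re-encoded copy of the structure so only the field listing is printed.
check_eml() {
    c=$(openssl cms -in "$1" -cmsout -print -noout 2>/dev/null | content_cipher) \
        || { echo "$1: no encrypted content found"; return 2; }
    echo "$1: $c $(cipher_verdict "$c")"
}

# Constructed, abridged -print output; $1 is the cipher line to embed.
sample_print() {
    cat <<EOF
CMS_ContentInfo:
  contentType: pkcs7-envelopedData (1.2.840.113549.1.7.3)
  d.envelopedData:
    recipientInfos:
      d.ktri:
        keyEncryptionAlgorithm:
          algorithm: rsaEncryption (1.2.840.113549.1.1.1)
    encryptedContentInfo:
      contentEncryptionAlgorithm:
        algorithm: $1
EOF
}

if [ $# -gt 0 ]; then
    for f in "$@"; do check_eml "$f"; done
else
    sample_print "rc2-cbc (1.2.840.113549.3.2)" | content_cipher
fi
```

Pass one or more .eml files as arguments to check real messages; that path needs the openssl command-line tool. Only the outer encrypted layer is inspected.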