1 Topic by jagter6

  • jagter6
  • Member
  • Offline
  • Registered: 2013-12-04
  • Posts: 27

Topic: Upgrade iRedMail to 0.9.2

============ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.1
- Linux/BSD distribution name and version: Ubuntu 14.04LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mySQL
- Web server (Apache or Nginx):Apache 2.4.7
- Manage mail accounts with iRedAdmin-Pro? iREdAdminPro-SQL-2.1.3
- Related log if you're reporting an issue:
====


I am not clear on the upgrade instructions for iREdMail. In the upgrade tutorial there is the following section:



Update Apache setting

Note: This step is applicable if you have Apache running on your server.
Check your Apache version first:
# apachectl -v
Find below settings in Apache SSL config file and update them to below values. If they don't exist, please add them.
on RHEL/CentOS, it's /etc/httpd/conf.d/ssl.conf.
on Debian/Ubuntu, it's /etc/apache2/sites-available/default-ssl (or default-ssl.conf).
on FreeBSD, it's /usr/local/etc/apache2*/extra/httpd-ssl.conf.
on OpenBSD, it's not applicable since we don't have Apache installed.

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

On Ubuntu 15.04 and later releases, please add one additional setting:

SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparams.pem

If you're running Apache older than version 2.4.8, please append the DHparams generated above to the end of the certificate file. Note: if you use a bought SSL certificate, append it to your cert file.

On RHEL/CentOS: 

# cat /etc/pki/tls/dhparams.pem >> /etc/pki/tls/certs/iRedMail.crt

Debian/Ubuntu: 

# cat /etc/ssl/dhparams.pem >> /etc/ssl/certs/iRedMail.crt

Reloading or restarting Apache service is required:

# service httpd restart

Do I need to add the DHparams.pem file to my cert file if I am running Ubuntu 14.04LTS or ONLY if I run Ubuntu 15.04?

Regards

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Upgrade iRedMail to 0.9.2

jagter6 wrote:

Do I need to add the DHparams.pem file to my cert file

It's applicable to all distributions, not just Ubuntu.

I updated this tutorial, it should be clearer now.