Our production Zimbra is 8_5, currently it's ussing SSL 3.0 and other depreciated ciphers need these disabled, backups taken first of the files then fix applied (either manually or automatically)
from the vulnerability scan:
If TLSv1.1 or TLSv1.2 are available, then those protocols should be used.
SSLProtocol TLSv1.1 TLSv1.2
If TLSv1.1 and TLSv1.2 are not available then only TLS1.0 should be used:
Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: