search for: ciphersuites

Displaying 20 results from an estimated 20 matches for "ciphersuites".

2004 Mar 17
2
FreeBSD-SA-04:05.openssl question
...g SSL handshake" DoS vulnerability. However, the OpenSSH Security Advisory of 17 March 2004 announced the same vulnerability with one more vulnerability. Look at http://www.openssl.org/news/secadv_20040317.txt Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects Kerberos ciphersuites" security problem? Thanks __________________________________ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com
2020 Sep 24
3
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
I've installed grep PRETTY /etc/os-release PRETTY_NAME="Fedora 32 (Server Edition)" dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit lib-ssl-iostream: Support TLSv1.3 ciphersuites https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4 checking openssl rpm -ql openssl-devel-1.1.1g-1.fc32.x86_64 | grep -i ciphersuites /usr/share/man/man3/SSL_CTX_set_ciphersuites.3ssl....
2006 Apr 07
1
your mail
> On Thu, 6 Apr 2006, Miller, Damien wrote: > > > > > Does OpenSSH 4.3 support the use of the TLS ciphersuites that are > > supported in OpenSSL? > > If so, is this a compile time option or a run-time option? > Or can sshd > > support both the SSL and TLS ciphersuites at the same time? > > OpenSSH doesn't use SSL or TLS - the SSH protocol defines its > own transport p...
2020 May 09
1
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. > > There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread. If the ciphersuite (not cipher for that's a TLSv1.2 term), but a
2006 Apr 06
1
No subject
Does OpenSSH 4.3 support the use of the TLS ciphersuites that are supported in OpenSSL? If so, is this a compile time option or a run-time option? Or can sshd support both the SSL and TLS ciphersuites at the same time? Jim Humphreys
2007 Apr 23
1
Trying to explain mutt+dovecot(ssl) to myself :(
...t+ssl and getting it all wrong --------------------------------------------------- * mutt(with openssl support built in) initiates with a "SSL-Client-Hello" to SSL on port 993 i.e. mutt's capabilities (algorithms, SSL version etc). * dovecot:993 compares mutt's CipherSuites with its own. Of the CipherSuites mutt and dovecot have in common, dovecot:993 chooses the _most_ secure algorithm. * Dovecot:993 will then tell mutt what it has decided to use and assigns a Unique session ID. From now on all communication is via this ID. * Now that the Cipher...
2003 Mar 21
0
FreeBSD Security Advisory FreeBSD-SA-03:06.openssl
...s choice using the server's RSA key. Note that the server's RSA key is not compromised in this attack. IV. Workaround RSA timing attack: Disable the use of RSA or enable RSA blinding in OpenSSL using the RSA_blinding_on() function. The method of adjusting the list of acceptable ciphersuites varies from application to application. See the application's documentation for details. Klima-Pokorny-Rosa attack: Disable the use of ciphersuites which use PKCS #1 v1.5 padding in SSL or TLS. The method of adjusting the list of acceptable ciphersuites varies from application to app...
2020 Sep 24
0
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
...39;ve installed > > grep PRETTY /etc/os-release > PRETTY_NAME="Fedora 32 (Server Edition)" > dovecot --version > 2.3.10.1 (a3d0e1171) > openssl version > OpenSSL 1.1.1g FIPS 21 Apr 2020 > > iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit > > lib-ssl-iostream: Support TLSv1.3 ciphersuites > https://github.com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4 > > checking openssl > Hi! The config option is still missing, but it's in our backlog along with other s...
2006 Apr 06
0
OpenSSH 4.3 support for TLS in OpenSSL 0.9.8
Does OpenSSH 4.3 support the use of the TLS ciphersuites that are supported in OpenSSL 0.9.8? If so, is this a compile time option or a run-time option? Or can ssh and sshd support both the SSL and TLS ciphersuites at the same time? Jim Humphreys
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...ki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] MinProtocol = TLSv1.2 Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE...
2012 Mar 20
1
IMAP and POP3 per SSL
...need to set SSLHonorCipherOrder On in apache config. This results in the following C-Code being executed: SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); This setting tells OpenSSL not to honor the Ciper Order sent from the client, but prefer it's own configured set of CipherSuites. According to Qualis SSL Labs ( https://www.ssllabs.com/ssldb/index.html ), a webserver configured with this setting is not affected by that BEAST security leak. Is there a way to implement such a setting into Dovecot, too? I have created a very quick and dirty solution to avoid being listed on o...
2020 Oct 01
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
hi, On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote: > I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to?Dovecot v2.3.8 on Centos-8 My report is specifically/solely about the addition/use of the Options = ServerPreference parameter. I don't see that in your configuration. Are you using it? In a config using Dovecot's submission proxy?
2020 May 08
2
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`
2020 Oct 01
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
..._policy [ crypto_policy ] *.include /etc/crypto-policies/back-ends/opensslcnf.config* And /etc/crypto-policies/back-ends/opensslcnf.config : CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 MinProtocol = *TLSv1.1* MaxProtocol = TLSv1.3 Regards Le jeu. 1 oct. 2020 ? 17:29, PGNet Dev <pgnet.dev at gmail.com> a ?crit : > hi, > > On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wr...
2016 Jan 22
1
Does tinc have something akin to openvpn's --tls-auth ? Or do I not need that at all ?
Hello, I wanted to ask if tinc had something akin to openvpn's --tls-auth option, for all the reason's listed here: https://community.openvpn.net/openvpn/wiki/Hardening I have read http://www.tinc-vpn.org/documentation-1.1/tinc.pdf, but I have not seen anything similar. Or do I not need that feature at all because tinc handles cryptology different than openvpn ( tinc's uses RSA keys
2001 May 01
1
fatal compile error on SGI IRIX
IRIX64 6.5 01101245 IP27 20010425 CVS - (djm) Include crypt.h if available in auth-passwd.c cc-1143 cc: ERROR File = /usr/include/crypt.h, Line = 38 Declaration is incompatible with "void des_encrypt(unsigned long *, struct des_ks_struct *, int)" (declared at line 150 of "/usr/local/ssl/include/openssl/des.h"). extern void des_encrypt(char *, int);
2020 Sep 22
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...ix etc; Typically, here > > cat /etc/pki/tls/openssl.cnf > > openssl_conf = default_conf > > [default_conf] > ssl_conf = ssl_sect > > [ssl_sect] > system_default = system_default_sect > > [system_default_sect] > MinProtocol = TLSv1.2 > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:...
2020 Sep 22
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
....cnf > > > > openssl_conf = default_conf > > > > [default_conf] > > ssl_conf = ssl_sect > > > > [ssl_sect] > > system_default = system_default_sect > > > > [system_default_sect] > > MinProtocol = TLSv1.2 > > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > > CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SH...
2020 Sep 23
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > On 9/22/20 10:51 AM, Aki Tuomi wrote: > >>> > > > > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue. > > I've NO issue with that config/setting with any _other_ app -- whether in general
2004 Jun 04
1
Samba, LDAP und TLS
Hi List ;-) I consider my question to be rather simple one ... nevertheless I could not find an answer to it up to now. I have an OpenLDAP-server which is the user-db for an samba3-server. I want to use TLS for secure communication, so I created a ca for this as well as keys/certificates for my LDAP and samba-server. Informing the LDAP-server about its certificate/key is easy ... but how do I