Displaying 20 results from an estimated 76 matches for "ssl_cipher".
2019 Apr 17
2
Problem with mysql backend and SSL ciphers
2019 Apr 18
1
Problem with mysql backend and SSL ciphers
On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote:
> I'm not Aki but hope you don't mind...
>
> On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote:
>> Hi,
>>
>> MariaDB documentation says it accepts OpenSSL cipher strings in its
>> ssl_cipher parameters like ssl_cipher="TLSv1.2".
>> This is also mentioned when creating or changing users in terms of
>> setting this with the REQUIRE CIPHER parameter like CREATE USER ...
>> REQUIRE CIPHER 'TLSv1.2'...
>> So this is all very nice and also working bu...
2019 Apr 18
2
ssl_verify_server_cert against SAN?
2019 Apr 17
0
Problem with mysql backend and SSL ciphers
I'm not Aki but hope you don't mind...
On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote:
> Hi,
>
> MariaDB documentation says it accepts OpenSSL cipher strings in its ssl_cipher parameters like ssl_cipher="TLSv1.2".
> This is also mentioned when creating or changing users in terms of setting this with the REQUIRE CIPHER parameter like CREATE USER ... REQUIRE CIPHER 'TLSv1.2'...
> So this is all very nice and also working but sadly with a connect...
2019 Jul 18
4
Dovecot with MySQL over SSL.
...while --require_secure_transport=ON. -
waiting for 5 seconds before retry
Database connection string:
connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
    ssl_ca=/etc/dovecot/ca.pem \
    ssl_cert=/etc/dovecot/client-cert.pem \
    ssl_key=/etc/dovecot/client-key.pem \
    ssl_cipher=DHE-RSA-AES256-SHA
If I leave the ssl_cipher unset, I get:
Jul 19 00:23:41 turin dovecot: auth-worker(83069): Error:
mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
error: Failed to set ciphers to use - waiting for 1 seconds before retry
Any ideas?
Thanks!
Reio
2019 Apr 18
1
ssl_verify_server_cert against SAN?
2016 May 13
2
httpd config issue on CentOS 7
Migrating a website from CentOS 6 to 7. I try to fire up apache, and it
fails, complaining of a directive:
CustomLog logs/internal.oir.cit_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
I'm googling, but I'd be happy if someone who knows apache more deeply
could tell me what's wrong with that - am I missing a package I need to
install, or had the directive syntax changed?
Thanks in advance.
mark
2019 Apr 18
0
ssl_verify_server_cert against SAN?
...12:15 PM, TG Servers via dovecot wrote:
> Ok then it seems again a MariaDB issue, they don't check against IP in the SAN it seems, this has nothing to do with ssl_ca setting it seems
>
> host=<ip> port=<port> dbname=<db> user=<user> ssl_verify_server_cert=yes ssl_cipher=TLSv1.2 ssl_ca=/etc/ssl/certs/ca-bundle.crt password=<pwd>
> brings up this
> *Connect failed to database (vmail): SSL connection error: SSL certificate validation failure *
>
> host=<host> port=<port> dbname=<db> user=<user> ssl_verify_server_cert=no ssl...
2019 Apr 18
2
ssl_verify_server_cert against SAN?
2019 Jul 20
0
Dovecot with MySQL over SSL.
...=ON. - waiting for 5 seconds before retry
>
> Database connection string:
>
> connect = host=db.mrst.ee dbname=vmail user=vmail password=stuff \
>     ssl_ca=/etc/dovecot/ca.pem \
>     ssl_cert=/etc/dovecot/client-cert.pem \
>     ssl_key=/etc/dovecot/client-key.pem \
>     ssl_cipher=DHE-RSA-AES256-SHA
>
> If I leave the ssl_cipher unset, I get:
>
> Jul 19 00:23:41 turin dovecot: auth-worker(83069): Error:
> mysql(db.mrst.ee): Connect failed to database (vmail): SSL connection
> error: Failed to set ciphers to use - waiting for 1 seconds before retry
>
>...
2020 Jul 16
2
Outlook vs Thunderbird
...be able to provide me with the
EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short
of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi
#ssl_min_protocol = TLSv1.0
#ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# https://ssl-config.mozilla.org OLD
# openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem
ssl_prefer_server_ciphers = yes
#ssl_min_protocol = TLSv1
#ssl_cipher_list = ECDHE-ECDSA****
# https://ssl-config.mozilla.org MEDIUM
# openssl dhparam -dsaparam 2048 >...
2015 Mar 12
3
mysql replication - problems
...--------+--------------------------------+
| have_openssl  | DISABLED                       |
| have_ssl      | DISABLED                       |
| ssl_ca        | /etc/pki/CA/certs/ca.crt       |
| ssl_capath    |                                |
| ssl_cert      | /etc/pki/tls/certs/mysql.crt   |
| ssl_cipher    |                                |
| ssl_key       | /etc/pki/tls/private/mysql.key |
+---------------+--------------------------------+
7 rows in set (0.01 sec)
On the slave:
mysql> show variables like '%ssl%';
+---------------+--------------------------------------+
| Variable_nam...
2019 Jul 20
2
Dovecot with MySQL over SSL.
...r=vmail password=stuff \
> ssl_ca=/etc/dovecot/ca.pem \
> ssl_cert=/etc/dovecot/client-cert.pem \
> ssl_key=/etc/dovecot/client-key.pem \
> ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.
...
2019 Jul 20
2
Dovecot with MySQL over SSL.
...
> ssl_ca=/etc/dovecot/ca.pem \
> ssl_cert=/etc/dovecot/client-cert.pem \
> ssl_key=/etc/dovecot/client-key.pem \
> ssl_cipher=DHE-RSA-AES256-SHA

Update: I got it to connect successfully now after downgrading the MySQL
server tls-version from TLSv1.1 to TLSv1.
...
2020 May 08
2
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
...d:
error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol,
session=<GN/GeCSlYuhEhl2U>
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept()
syscall failed: Invalid argument
This occurred when specifying one TLSv1.3 cipher to be excluded in
ssl_cipher via an exclamation mark.
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref
setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I
have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to
TLSv1.2.
(Details of Thunderbird security.tls.version...
2012 Dec 06
2
pasenger does not start puppet master under nginx
.../var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem;
ssl_certificate_key
/var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem;
ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem;
ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem;
ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA;
ssl_prefer_server_ciphers on;
ssl_verify_client optional;
ssl_verify_depth 1;
ssl_session_cache shared:SSL:128m;
ssl_session_timeout 5m;
}
}
and the puppet.conf
[mai...
2020 May 08
2
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
...d:
error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol,
session=<GN/GeCSlYuhEhl2U>
May 8 11:15:47 ns1 dovecot: imap-login: Debug: SSL error: SSL_accept()
syscall failed: Invalid argument
This occurred when specifying one TLSv1.3 cipher to be excluded in
ssl_cipher via an exclamation mark.
On a side note of IMAP client, Latest Mozilla Thunderbird had its pref
setting security.tls.version.fallback-limit to 4 (TLSv1.3), of which I
have adjusted it to 3 (TLSv1.2) and it .... works when Dovecot is set to
TLSv1.2.
(Details of Thunderbird security.tls.version...
2018 May 31
2
Definitive guide to setting up FTPIS on vsftpd
I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990).
(The latest instructions I've used are at: https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/)
Using Filezilla client, I get:
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Could not connect to
2016 Feb 29
4
Problems with ProxyPass to a local ip (using SSL)
...op error.
My actual httpd's config for this virtualhost is:
NameVirtualHost 192.168.1.5:444
<VirtualHost 192.168.1.5:444>
ServerName myweb01.local.domain
ErrorLog logs/ssl_error.log
CustomLog logs/ssl_access.log combined
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel info
SSLEngine on
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
Pro...
2015 Oct 30
2
Webmail accessive Dovecot logins
...g if there was
something I could do to cut down on the amount of connections needed?
I'm running 2.2.19 on a FreeBSD 10.2 system.
I'm not sure what other information to provide, here's the relevant
log and a doveconf -n.
Second question, in the doveconf -n there's reference to my ssl_cipher
am I using current tls ciphers that support pfs?
Thanks.
Dave.
Oct 29 20:51:21 server dovecot: imap-login: Login: user=<xxx>,
method=PLAIN, rip=::1, lip=::1, mpid=71405, secured,
session=<6Px600cja6cAAAAAAAAAAAAAAAAAAAAB>
Oct 29 20:51:21 server dovecot: imap(xxx): Disconnected: Logged...