search for: adh

...a protocol and cipher list spec. If it comes out to empty, your client won't be able to negotiate any SSL sessions, and you'll have include more ciphers. For example, TLSv1 protocol minus any low-grade encryption or SSLv2 ciphers: $ openssl ciphers -tlsv1 'ALL:\!LOW:\!SSLv2' ADH-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ADH-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:ADH-DES-CBC3-SHA:EXP-ADH-DES-CBC-SHA:ADH-RC4-MD5:EXP-ADH-RC4-MD5:EDH-RSA-DES-CBC3-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EXP-EDH-DSS-DES-CBC-SHA:DES-CBC3-SHA:EXP-DES...

...ce managesieve-login { inet_listener sieve { port = 2000 } } service quota-warning { executable = script /usr/bin/dovecot-quota-warning.sh user = postfix } ssl_ca = </etc/postfix/ssl/cacert.pem ssl_cert = </etc/postfix/ssl/servercrt.pem ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP-ADH-DES-CBC-SHA:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-ADH-RC4-MD5:!ADH-DES-CBC3-SHA:!ADH-RC4-MD5:!ADH-DES-CBC3-SHA:!ADH-AES128-SHA:!ADH-AES256-SHA:!ADH-RC4-MD5:!RC4 ssl_key = </etc/postfix/ssl/serverkey.pem userdb { args = /etc/dovecot/passwd driver = pas...

...To be compatible, it has to be changed to "ALL:!LOW" (just upercased in this case). IMO, this would be helpful because executing openssl ciphers -v 'all:!low' would not return any cipher, but openssl ciphers -v 'ALL:!LOW' would return the expected cipher list such as ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-...

...= yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_cert = </etc/dovecot/ssl_chain.pem ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:HIGH:MEDIUM:+TLSv1:+TLSv 1.1:+TLSv1.2:!RC4:!IDEA:!3DES:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!A ESGCM:!CAMELLIA:!SEED ssl_client_ca_file = /etc/pki/tls/cert.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { driver = passwd } verbose_ssl = yes local 91.x.x.x { protocol imap { ssl_cert = </etc/doveco...

On 04.03.2015 18:19, Emmanuel Dreyfus wrote: > On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote: >> Hello, >> about the CVE-2015-0204, in apache the following config seems to disable >> this vulnerability: >> SSLProtocol All -SSLv2 -SSLv3 >> SSLCipherSuite >> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 >> >> Is

...= 1 > > ? unix_listener replicator-doveadm { > > ??? mode = 0666 > > ? } > > } > > ssl_cert = </etc/dovecot/ssl_chain.pem > > ssl_cipher_list = > ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!RC4:!IDEA:!3DES:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM:!CAMELLIA:!SEED > > ssl_client_ca_file = /etc/pki/tls/cert.pem > > ssl_dh = # hidden, use -P to show it > > ssl_key = # hidden, use -P to show it > > userdb { > > ? driver = passwd > > } > > verbose_ssl = yes > &...

...= yes } } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_cert = </etc/dovecot/ssl_chain.pem ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:HIGH:MEDIUM:+TLSv1:+TLSv 1.1:+TLSv1.2:!RC4:!IDEA:!3DES:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!A ESGCM:!CAMELLIA:!SEED ssl_client_ca_file = /etc/pki/tls/cert.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { driver = passwd } verbose_ssl = yes local 91.x.x.x { protocol imap { ssl_cert = </etc/doveco...

...with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current values (defaults) # doveconf ssl_cipher_list ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH # dovecot --version 2.3.4.1 thanks,

...mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } ssl = no ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } -- -- Best Regards, Walter Ulmke

...# 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-24-generic i686 Ubuntu 10.04.1 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_p...

...> export $ openssl ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL \ |tr ':' '\n' |sort> manu $ openssl ciphers ECDH at STRENGTH:DH at STRENGTH:HIGH |tr ':' '\n' |sort > adrian $ join export manu (nothing) $ join export adrian EXP-ADH-DES-CBC-SHA EXP-ADH-RC4-MD5 EXP-EDH-DSS-DES-CBC-SHA EXP-EDH-RSA-DES-CBC-SHA -- Emmanuel Dreyfus manu at netbsd.org

...t 10:55 AM Poliman - Serwis <serwis at poliman.pl> > wrote: > > > > > > Thank You for answers. But: > > 1. How should be properly configured ssl_cipher_list? > > ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:! > 3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > > To disable non-EC DH, use: > > ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS: > !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > > > 2. Ok, removed !TLSv1 !TLSv1.1. > > 3. Strange thing with ssl_protocols and ssl_cipher_lis...

...e imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } } ssl_cert = </etc/dovecot/dovecot.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RS A:+HIGH:+MEDIUM ssl_key = </etc/dovecot/private/dovecot.pem userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n driver = static } doveconf: Error: protocols: Unknown protocol: sieve protocol lda { deliver_log_format = msgid=%m: %$ mail_plugins = sieve postmaster_ad...

...unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 } service_count = 1 } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH: +MEDIUM ssl_key = </etc/ssl/private/dovecot.pem userdb { driver = passwd } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol pop3 { mail_max_userip_connections = 10 pop3_client_workarounds = outlook-no-nuls oe...

...ot;, na.strings="?") CaScSc = scirconv2[1:250,3:21] CaScCo = scirconv2[251:475,3:21] ScCoMWU = wilcox.test(CaScSc, CaScCo, alternative = "two.sided", mu = 0.5, paired = FALSE, exact = NULL, correct = TRUE, conf.int = TRUE, conf.level = 0.95) some of the data: ADH TPI1 TPI2 SOD DIA1 MNR1DIA2 MNR2DIA3 ME AAT1 AAT2 G3PDH SDH SDH2 PGI2 PGD PGM2 MDH1 MDH3 IDH2 251 1 1 1 1 1 1 1 1 1 1 1 1 1 2 1 4 1 1 4 252 NA NA NA NA NA NA 1 NA NA 2 1 1 NA 2 NA NA NA NA NA 253 1...

...rote: > >> > > >> > > >> > Thank You for answers. But: > >> > 1. How should be properly configured ssl_cipher_list? > >> > >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU > >> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > >> > >> To disable non-EC DH, use: > >> > >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS: > >> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > >> > >> > 2. Ok, removed !TLSv1 !TLSv1.1. &...

...group = postfix mode = 0660 user = postfix } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/letsencrypt/live/example.com/privkey.pem userdb { driver = passwd } userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } protocol lmtp { mail_plugins = sieve postmaster_address = postmaster at example.com } proto...

.../postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/ssl/private/dovecot.pem userdb { driver = passwd } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol pop3 { mail_max_userip_connections = 10 pop3_client_workarounds = outlook-no-nul...

...service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0600 user = postfix } unix_listener auth-userdb { group = vmail mode = 0660 user = vmail } } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM ssl_key = </etc/ssl/private/dovecot.pem syslog_facility = dovecot userdb { args = uid=vmail gid=vmail home=/home/vmail/%d/%n driver = static } +++ You probably see it immediatly what I fail to see. Thanks in advance -- Signatur Averlon info Mit freund...

...1.2.6: /etc/dovecot.conf # OS: Linux 2.6.30.9-96.fc11.x86_64 x86_64 Fedora release 11 (Leonidas) info_log_path: /var/log/maillog protocols: imaps ssl_listen: * ssl: required ssl_cert_file: /etc/pki/certs/dovecot/dovecot.pem ssl_key_file: /etc/pki/certs/dovecot/dovecot_key.pem ssl_cipher_list: ALL:!ADH!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM disable_plaintext_auth: yes verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login mail_privileged_group: dovecot_mail mail_debug: yes mail_plugins: autocreate quota imap_quota expire lda: postmaster_address: root at loca...