Displaying 20 results from an estimated 1071 matches for "aes128".
2018 Jan 06
2
TLS problem after upgrading from v2.2 to v2.3
...sed the defaults, both before and after the
upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default
changes. The new defaults broke the connection.
Jan
> what are your settings?
>
> Mine are below and they work just fine:
>
> ssl_cipher_list =
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2020 Jun 27
2
SSL-Question
I set icecast.xmp:
<listen-socket>
<port>8000</port>
</listen-socket>
<listen-socket>
<port>8443</port>
<ssl>1</ssl>
</listen-socket>
8000 work, 8443 not work. If set ssl to port 8000 not work nothing
V V sob., 27. jun. 2020 ob 18:13 je oseba Paul Martin <pm at nowster.me.uk>
napisala:
2017 Mar 20
1
Deploying Diffie-Hellman for TLS
...ame across this URL:
https://www.weakdh.org/sysadmin.html which recommended these settings
for Dovecot. I would like to know if they are correct? Some much
documentation on the web is pure garbage.
Dovecot
These changes should be made in /etc/dovecot.conf
Cipher Suites
ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2020 Jun 12
1
Read-flag of mails don't update
...#39;t support libsodium and my machine doesn't have the memory for it.
Thank you! I actually set this to a better value for each password in
the passwd-file explicit, but it seems to be a good idea to change the
default value in the config as well.
>
>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2020 Jun 11
2
Read-flag of mails don't update
On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote:
> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
Apologies, I did not see the attachments. Will look on a real screen later.
2017 Aug 23
3
socketpair failed: Too many open files on Debian 9
...24
ssl = yes
}
process_min_avail = 20
}
service managesieve-login {
executable = managesieve-login director
inet_listener sieve {
port = 4190
}
}
service pop3-login {
executable = pop3-login director
}
ssl_cert = </etc/ssl/certs/certum_wildcard.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2017 Aug 23
2
socketpair failed: Too many open files on Debian 9
...managesieve-login director
>> inet_listener sieve {
>> port = 4190
>> }
>> }
>> service pop3-login {
>> executable = pop3-login director
>> }
>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem
>> ssl_cipher_list =
>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes:
>> Mine are below and they work just fine:
>>
>> ssl_cipher_list =
>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2018 Sep 07
1
Auth process sometimes stop responding after upgrade
...mode = 0666
}
}
service imap-login {
executable = imap-login director
service_count = 0
vsz_limit = 128 M
}
service pop3-login {
executable = pop3-login director
service_count = 0
vsz_limit = 128 M
}
ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-
AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-
SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-
SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AE...
2016 Mar 10
2
Client-initiated secure renegotiation
...Are you use good ssl_cipher_list
(https://wiki.mozilla.org/Security/Server_Side_TLS)?
My config
## Service options
# 10-ssl
ssl = yes
ssl_cert = </etc/pki/tls/certs/.crt
ssl_key = </etc/pki/tls/private/.key
ssl_require_crl = no
ssl_ca = </etc/pki/tls/cert.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2015 Dec 08
2
EVP_PKEY_get1_EC_KEY:expecting a ec key
...stmaster_address = postmaster at langzeittest.de
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
ssl_cert = </etc/dovecot/ssl-cert-langzeittest-plus-cacert.crt
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2020 Jun 28
2
SSL-Question
...started
[2020-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration
[2020-06-28 07:54:24] INFO yp/yp.c YP update thread started
[2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found
at icecast.pem
[2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2016 Apr 29
4
Changing Password Schemes
...ner pop3s {
port = 995
ssl = yes
}
}
service pop3-postlogin {
executable = script-login /usr/local/etc/popafter.sh
user = $default_internal_user
}
service pop3 {
executable = pop3 pop3-postlogin
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2018 Apr 23
2
imap-login segfaulting on 2.3.1
...vail = 32
}
service imap {
process_limit = 20480
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service pop3-login {
executable = pop3-login director
process_limit = 20000
process_min_avail = 32
}
ssl_cert = </etc/dovecot/ssl/imap.sonic.net.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2017 Apr 27
2
confused with ssl settings and some error - need help
...ocumentation):
> > ssl = required
> > disable_plaintext_auth = yes #change default 'no' to 'yes'
> > ssl_prefer_server_ciphers = yes
> > ssl_options = no_compression
> > ssl_dh_parameters_length = 2048
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> RSA-AE...
2020 Jun 24
2
SSL-Question
...started
[2020-06-24 12:54:54] DBUG yp/yp.c Updating YP configuration
[2020-06-24 12:54:54] INFO yp/yp.c YP update thread started
[2020-06-24 12:54:55] INFO connection/connection.c SSL certificate found
at icecast.pem
[2020-06-24 12:54:55] INFO connection/connection.c SSL using ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128
*(this chiphers is still going on, I just shor...
2015 Feb 06
2
TLS config check
According to https://cipherli.st/
> ssl = yes
> ssl_cert = </etc/dovecot.cert
> ssl_key = </etc/dovecot.key
> ssl_protocols = !SSLv2 !SSLv3
> ssl_cipher_list = AES128+EECDH:AES128+EDH
> ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6
> Is what you want.
Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list =
AES128+EECDH:AES128+EDH
Before I made this change clients were connecting with the following
cipher in the log file:
ECDHE-ECDSA-AES25...
2016 Apr 29
4
Changing Password Schemes
...>> executable = script-login /usr/local/etc/popafter.sh
>> user = $default_internal_user
>> }
>> service pop3 {
>> executable = pop3 pop3-postlogin
>> }
>> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
>> ssl_cipher_list =
>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...
2016 Oct 30
2
Defining INDEX target to other location than maildir seems to have no effect.
...able = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
ssl = required
ssl_ca = </etc/ssl/censored.hostname.com/ssl-bundle-mail.crt
ssl_cert = </etc/ssl/censored.hostname.com/censored_hostname.com.crt
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256...