Displaying 20 results from an estimated 578 matches for "anul".
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
...l Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is something similar possible with dovecot ?
> I use this with some success:
>
> # dovecot has built-in protection against BEAST, therefore no need
> # to remove -SSLv2-SHA1:-TLSv10-SHA1
> ssl_protocols = !SSLv2 !SSLv3
>...
2015 Jan 16
4
Outlook and TLSv.1
...works fine.
I found some posts about this but none of them had a real solution on
this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
ssl_cert = </var/qmail/control/servercert.pem
ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
ssl_dh_parameters_length = 2048
ssl_key = </var/qmail/control/servercert.pem
ssl_protocols = !SSLv2 !TLSv1.2
The certificate is from Comodo using sha256.
Any idea?
Oliver
--
Protect your environment - close windows and adopt a penguin!
2015 Jan 05
2
'ssl_cipher_list' setting
...ecot 2.2.15
I want pop3s, so I made
/usr/local/etc/dovecot/local.conf
ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
It works fine.
But when I change it to
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
( SSLV3 -> SSLv3 )
I had trouble.
/var/log/maillog
Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx...
2017 Feb 06
0
Fwd: issue
...ecking for file ‘lbmisc/DESCRIPTION’ ... OK
* this is package ‘lbmisc’ version ‘0.3.0’
* checking CRAN incoming feasibility ...* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature == 0
* Closing connection 0
* Trying 172.23.0.30...
* TCP_NODELAY set
* Connec...
2017 Apr 27
2
confused with ssl settings and some error - need help
...84:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >
>
> This looks rather cumbersome way to define ciphers.
>
> > 1. Are these settings good or can be improved?
> > 2. Is this line proper:
> > ssl...
2018 Jul 30
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
...ou could define by ssl_cipher_list see "openssl ciphers -v"
Hi Alexander and list,
I think there may be a discrepancy in the documentation.
On the wiki on the "Dovecot SSL Configuration" page [1] under the section "SSL security settings" it says:
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
In the conf.d/10-ssl.conf it states:
# SSL protocols to use
#ssl_protocols = !SSLv2
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
My new question is:
1. Are the SSL/TLS protocols to use and/or exclude specified in "ssl_protocols", "ssl_cipher_list" or...
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
Hello,
about the CVE-2015-0204, in apache the following config seems to disable
this vulnerability:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite
HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ?
If yes, what are the implications with old mail clients ?
--
Best regards,
Adrian Minta
2013 Sep 10
2
dovecot and PFS
...cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10-SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject
traffic. Therefore the cipher list gets simpler in dovecot.conf:
ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:!MD5:!DES:!aNULL:!eNULL
But that list is good for browsers. I am not aware of document...
2017 Jan 17
3
Correct settings for "ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry
2017 Apr 27
2
confused with ssl settings and some error - need help
...SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
1. Are these settings good or can be improved?
2. Is this line proper:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
or maybe should be:
ssl_protocols = !SSLv2 !SSLv3
3. Last thing. I have bel...
2018 Dec 15
0
Multiple SSL certs in a virtual Domain hosting environment
...ss_min_avail = 3
service_count = 1
user = dovecot
##vsz_limit = 1M
}
service imap {
executable = /usr/dovecot2/libexec/dovecot/imap
process_limit = 512
##vsz_limit = 256
}
ssl = yes
ssl_cert = <//etc/ssl/certs/wilcard.nk.ca.2018.chain.cert
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:aNULL: !NULL : !RC2 : !RC4 : !SEED : !IDEA : !SSLv3
ssl_key = </etc/ssl/certs/wilcard.nk.ca.2018.key
verbose_ssl = yes
ssl_dh=</usr/dovecot2/etc/dovecot/ssl/dh.pem
userdb {
driver = passwd
}
userdb {
args = /etc/passwd
driver = passwd-file
}
protocol imap {
imap_client_workarounds = del...
2017 Apr 27
2
confused with ssl settings and some error - need help
...at dovecot.fi>:
>
> > On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
> wrote:
> >
> >
> > Thank You for answers. But:
> > 1. How should be properly configured ssl_cipher_list?
>
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>
> To disable non-EC DH, use:
>
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>
> > 2. Ok, removed !TLSv1 !TLSv1.1.
> > 3...
2016 Nov 01
5
Repeat e-mail syndrome shows up in 2.2.26+
...service pop3 {
executable = /usr/dovecot2/libexec/dovecot/pop3
process_limit = 512
}
ssl_cert = </usr/dovecot2/etc/dovecot/ssl/pop3.nk.ca.2016.chain.crt
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:aNULL
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
userdb {
args = /etc/passwd
driver = passwd-file
}
verbose_ssl = yes...
2015 Jan 18
1
Outlook and TLSv.1
...f them had a real solution on
>> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>>
>> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>>
>> ssl_cert = </var/qmail/control/servercert.pem
>> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_key = </var/qmail/control/servercert.pem
>> ssl_protocols = !SSLv2 !TLSv1.2
>>
>> The certificate is from Comodo using sha256.
>>
>> Any idea?
>>
>> Oliver
>>
>there is no...
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote:
>
>
> Thank You for answers. But:
> 1. How should be properly configured ssl_cipher_list?
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
To disable non-EC DH, use:
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> 2. Ok, removed !TLSv1 !TLSv1.1.
> 3. Strange thing with ssl_protocols and ssl_c...
2014 Dec 02
2
disabling certain ciphers
...o parse and avoiding duplicative or deprecated configs?
The behavior is also pretty strange; if I have something like one of the
following, with or without $ssl_protocols set to exclude SSLv2 and SSLv3:
ssl_cipher_list = HIGH:!MEDIUM:!LOW:!SSLv3
ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:!MEDIUM
TLS v1.0 and v1.1 get disabled as well.
I also can't seem to explicitly enable TLS 1.0 or 1.1 in
$ssl_cipher_list.
w
2015 Jan 19
1
Outlook and TLSv.1
...of them had a real solution on
>> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>>
>> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>>
>> ssl_cert = </var/qmail/control/servercert.pem
>> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
>> ssl_dh_parameters_length = 2048
>> ssl_key = </var/qmail/control/servercert.pem
>> ssl_protocols = !SSLv2 !TLSv1.2
>>
>> The certificate is from Comodo using sha256.
>>
>> Any idea?
>>
>> Oliver
>>
>
> there is...
2016 Nov 15
1
[PATCH] ssl: fix reference to SSLv2 and disable SSLv3
...conf.d/10-ssl.conf
+++ b/doc/example-config/conf.d/10-ssl.conf
@@ -46,7 +46,7 @@ ssl_key = </etc/ssl/private/dovecot.pem
#ssl_dh_parameters_length = 1024
# SSL protocols to use
-#ssl_protocols = !SSLv2
+#ssl_protocols = !SSLv3
# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
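Review bot: the `# SSL protocols to use` comment above the changed `#ssl_protocols` line does not say that the value is an exclusion list, so after the switch from `!SSLv2` to `!SSLv3` a reader cannot tell from this file whether SSLv2 is still refused. Add a comment line stating what happens to SSLv2 now, and reconcile it with the `!SSLv2` token still present in the commented `#ssl_cipher_list` default at the end of this hunk.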
diff --git a/src/lib-master/master-service-ssl-settings.c b/src/lib-master/master-service-ssl-settings.c
index 4a05045..6b43f6c 100644
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -44,7 +44,11 @@ static const struct master_service_ssl_set...
2017 Apr 30
2
confused with ssl settings and some error - need help
...>>
> >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> >>
> >> To disable non-EC DH, use:
> >>
> >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
> >>
> >> > 2. Ok, removed !TLSv1 !TLSv1.1.
> >> > 3. Strange thing with ssl_protocols and ssl_cipher_list, because on
> >> older
> >> > server on Ubuntu 14.04 LTS, dovecot 2.2.9 an...
2018 Dec 19
1
How to configure Dovecot to disable NIST's curves and still retain EECDH?
...ptographic primitives after the Dual EC DRBG debacle.
From what I can tell, the following will prevent the use of NIST's
curves (along with other dangerous primitives) in Dovecot, but this is
accomplished by simply disabling EECDH entirely.
ssl_cipher_list = HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH
This should still retain forward secrecy through the use of EDH, but
this doesn't leave much in the way of allowable algorithms on my server:
$ openssl ciphers -V
'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH'
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 K...