Displaying 20 results from an estimated 80 matches for "camellia128".
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2015 Apr 28
1
Disable weak ciphers in vnc_tls
...ts DES-CBC3-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 112 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 112 bits DES-CBC3-SHA
how do we turn it off and only...
2017 Nov 10
2
Slow Kerberos Authentication
...aes128-cts-hmac-sha1-96 aes128-cts AES-128
CTS mode with 96-bit SHA-1 HMAC
arcfour-hmac rc4-hmac arcfour-hmac-md5
RC4 with HMAC/MD5
arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp
Exportable RC4 with HMAC/MD5 (weak)
camellia256-cts-cmac camellia256-cts
Camellia-256 CTS mode with CMAC
camellia128-cts-cmac camellia128-cts
Camellia-128 CTS mode with CMAC
des
The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
des3
The triple DES family: des3-cbc-sha1
aes
The AES family: aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96
rc4
The RC4 family: arcfour-hmac
camellia
The...
2015 Feb 12
2
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
ssl_ca = </etc/ipa/ca.crt
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_file = /etc/ipa/ca.crt
ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
ssl_client_key = </etc/pki/tls/private/dovecot.key
ssl_key = </etc/pki/...
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
...CM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
>
>
> Cheers,
> Philipp
2017 Nov 30
3
Plugin 'sieve_imapsieve' not found
...? mode = 0660
??? user = postfix
? }
? user = vmail
}
service managesieve-login {
? inet_listener sieve {
??? port = 4190
? }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.domain.tld/fullchain.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/letsencrypt/live/mail.domain.tld/privkey.pem
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv3
userdb {
? args = /etc/dovecot/...
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...gt; lrwxrwxrwx. 1 root root 42 17. led 01.00 crypto-policies ->
> /etc/crypto-policies/back-ends/krb5.config
>
> [libdefaults]
> permitted_enctypes = aes256-cts-hmac-sha384-192
> aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96
> aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
>
> When I remove this file, command returns correct results
Oh you did, please do not put it back.
>
> I suppose permitted_enctypes are not compatible with this samba
> version, I'm not sure which one is missing. Any suggestions?
>
No, Samba doesn't underst...
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
On 04.03.2015 18:19, Emmanuel Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...I'm not sure
my samba version is including files from that directory without
problems
When I've removed first two permitted_enctypes:
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
to be:
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
command works
No matter if this is included in file /etc/krb5.conf.d/crypto-policies or in main file /etc/krb5.conf
So my conclusion is:
these two enctypes are incompatible with samba-4.19.5 on Fedora 39
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
It is in file: /usr/share...
2015 Jan 09
4
dovecot on wheezy, best ssl configuration ?
Hi all, when hardening dovecot against the POODLE vulnerability,
we followed the advise to disable SSL2 and SSL3
but this is giving problems with some email clients (claws-mail).
ssl_protocols = !SSLv2 !SSLv3
results in the following error:
dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>,
rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL
2015 Feb 12
0
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...> group = vmail
> mode = 0660
> user = vmail
> }
> }
> ssl_ca = </etc/ipa/ca.crt
> ssl_cert = </etc/pki/tls/certs/dovecot.pem
> ssl_cipher_list =
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_client_ca_file = /etc/ipa/ca.crt
> ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
> ssl_client_key = </etc/pki/tls/private/dovecot.key
> ssl...
2020 Mar 30
2
Panic/Assert dns-lookup.c
...S256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
verbose_proctitle = yes
2017 Nov 11
0
Slow Kerberos Authentication
...-1 HMAC
>
> arcfour-hmac rc4-hmac arcfour-hmac-md5
> RC4 with HMAC/MD5
>
> arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp
> Exportable RC4 with HMAC/MD5 (weak)
>
> camellia256-cts-cmac camellia256-cts
> Camellia-256 CTS mode with CMAC
>
> camellia128-cts-cmac camellia128-cts
> Camellia-128 CTS mode with CMAC
>
> des
> The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
>
> des3
> The triple DES family: des3-cbc-sha1
>
> aes
> The AES family: aes256-cts-hmac-sha1-96 and a...
2014 Dec 02
0
disabling certain ciphers
...CM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot...
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
...CM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
Cheers,
Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4296 bytes
Desc: S/MIME Cryptographic Sig...
2018 Sep 27
2
Username aliases
.../var/spool/postfix/private/quota-status {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
args = username_fo...
2017 Nov 03
2
stats module
...postfix
? }
}
service imap-login {
? inet_listener imaps {
??? port = 993
??? ssl = yes
? }
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
userdb {
? driver = passwd
}
protocol lda {
? deliver_log_form...
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
...CM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
>>
>>
>>
>> Cheers,
>> Philipp
Hi,
yes, the ssl_prefer_server_ciphers setting was introduced in 2.2.x
It seems as if claws mail is preferring SSLv3, have you tried...
2015 Jan 26
4
imap-login: Fatal: pipe() failed: Too many open files
.../usr/local/bin/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
ssl = required
ssl_cert = </etc/ssl/RootCA/certs/192.168.50.101.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = </etc/ssl/RootCA/certs/192.168.50.101.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch
}
userdb {
args =...
2015 Feb 06
2
TLS config check
...in.com.ecdsa.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
HIGH:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:ECDHE-RSA-AES256-SHA:+DHE-RSA-AES256-SHA:!AES256-SHA256:!AES256-GCM-SHA384:!CAMELLIA256-SHA:!AES128:!CAMELLIA128:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:+AES256-SHA
ssl_prefer_server_ciphers = yes
I would really appreciate it if someone could tell me if my config is
super secure? I run the following email clients:
K9 on Android 4.4.2
Thunderbird 31.4
Outlook 2010
I'm interested t...