Displaying 20 results from an estimated 70 matches for "camellia256".
2013 Aug 14
2
proxy: get rid of redundant log-informations
...=%r %k
is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part
because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements"
as well as for the "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" it would be enough "TLSv1 DHE-RSA-CAMELLIA256-SHA"
the reason is simple:
* all needed informations are present
* smaller logfiles
* nicer "tail -f" on the syslog without breaks
_____________________________________________
Aug 14 16:31:46 testserver dovecot: imap-log...
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2015 Apr 28
1
Disable weak ciphers in vnc_tls
...ccepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA
Accepted SSLv3 112 bits DES-CBC3-SHA
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 256 bits CAMELLIA256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits CAMELLIA128-SHA
Accepted...
2017 Nov 10
2
Slow Kerberos Authentication
...56-cts-hmac-sha1-96 aes256-cts AES-256
CTS mode with 96-bit SHA-1 HMAC
aes128-cts-hmac-sha1-96 aes128-cts AES-128
CTS mode with 96-bit SHA-1 HMAC
arcfour-hmac rc4-hmac arcfour-hmac-md5
RC4 with HMAC/MD5
arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp
Exportable RC4 with HMAC/MD5 (weak)
camellia256-cts-cmac camellia256-cts
Camellia-256 CTS mode with CMAC
camellia128-cts-cmac camellia128-cts
Camellia-128 CTS mode with CMAC
des
The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
des3
The triple DES family: des3-cbc-sha1
aes
The AES family: aes256-cts-hmac-sha1-96 and aes1...
2015 Feb 12
2
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...process_min_avail = 1
unix_listener replicator-doveadm {
group = vmail
mode = 0660
user = vmail
}
}
ssl_ca = </etc/ipa/ca.crt
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_file = /etc/ipa/ca.crt
ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
ssl_client_key = </etc/pki/tls/private/dovecot.key
ss...
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
...-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
>
>
> Cheers,
> Philipp
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...-l /etc/krb5.conf.d
> lrwxrwxrwx. 1 root root 42 17. led 01.00 crypto-policies ->
> /etc/crypto-policies/back-ends/krb5.config
>
> [libdefaults]
> permitted_enctypes = aes256-cts-hmac-sha384-192
> aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96
> aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
>
> When I remove this file, command returns correct results
Oh you did, please do not put it back.
>
> I suppose permitted_enctypes are not compatible with this samba
> version, I'm not sure which one is missing. Any suggestions?
>
No, Samb...
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
On 04.03.2015 18:19, Emmanuel Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is
2024 Apr 05
1
Strange problem with samba-tool dns query ...
...' line.
> >
I'm not sure
my samba version is including files from that directory without
problems
When I've removed first two permitted_enctypes:
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
to be:
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
command works
No matter if this is included in file /etc/krb5.conf.d/crypto-policies or in main file /etc/krb5.conf
So my conclusion is:
these two enctypes are incompatible with samba-4.19.5 on Fedora 39
aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
It i...
2015 Jan 09
4
dovecot on wheezy, best ssl configuration ?
Hi all, when hardening dovecot against the POODLE vulnerability,
we followed the advise to disable SSL2 and SSL3
but this is giving problems with some email clients (claws-mail).
ssl_protocols = !SSLv2 !SSLv3
results in the following error:
dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>,
rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL
2015 Feb 12
0
Dovecot dsync not replicating ".dovecot.sieve -> .sieve/managesieve.sieve" / setactive
...replicator-doveadm {
> group = vmail
> mode = 0660
> user = vmail
> }
> }
> ssl_ca = </etc/ipa/ca.crt
> ssl_cert = </etc/pki/tls/certs/dovecot.pem
> ssl_cipher_list =
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_client_ca_file = /etc/ipa/ca.crt
> ssl_client_cert = </etc/pki/tls/certs/dovecot.pem
> ssl_client_key = </etc/pki/tls/private...
2020 Mar 30
2
Panic/Assert dns-lookup.c
...S128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
verbose_proctitle = yes
2017 Nov 11
0
Slow Kerberos Authentication
...C
>
> aes128-cts-hmac-sha1-96 aes128-cts AES-128
> CTS mode with 96-bit SHA-1 HMAC
>
> arcfour-hmac rc4-hmac arcfour-hmac-md5
> RC4 with HMAC/MD5
>
> arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp
> Exportable RC4 with HMAC/MD5 (weak)
>
> camellia256-cts-cmac camellia256-cts
> Camellia-256 CTS mode with CMAC
>
> camellia128-cts-cmac camellia128-cts
> Camellia-128 CTS mode with CMAC
>
> des
> The DES family: des-cbc-crc, des-cbc-md5, and des-cbc-md4 (weak)
>
> des3
> The triple DES fa...
2014 Dec 02
0
disabling certain ciphers
...-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/a...
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
...-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
Cheers,
Philipp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4296 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://d...
2016 Nov 21
0
samba tls protocols and ciphers change how?
...305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DES-CBC3-SHA AES128-SHA AES128-SHA256 HIGH !DHE-RSA-CAMELLIA256-SHA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4 !AES128 !CAMELLIA128 !AES256-SHA256 !AES256-SHA !CAMELLIA256-SHA !AES256-GCM-SHA384
Greetz,
Louis
2018 Sep 27
2
Username aliases
...tfix
unix_listener /var/spool/postfix/private/quota-status {
group = postfix
mode = 0660
user = postfix
}
}
ssl_cert = </etc/letsencrypt/live/calima.server-speed.net/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {...
2017 Nov 03
2
stats module
...0660
??? user = postfix
? }
}
service imap-login {
? inet_listener imaps {
??? port = 993
??? ssl = yes
? }
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_protocols = !SSLv2 !SSLv3
userdb {
? driver = passwd
}
protocol lda {...
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
...-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!SSLv2
>>
>>
>>
>> Cheers,
>> Philipp
Hi,
yes, the ssl_prefer_server_ciphers setting was introduced in 2.2.x
It seems as if claws mail is preferring SSLv3, have you tried connecting
with another...
2015 Jan 26
4
imap-login: Fatal: pipe() failed: Too many open files
...executable = script /usr/local/bin/quota-warning.sh
unix_listener quota-warning {
user = vmail
}
user = vmail
}
ssl = required
ssl_cert = </etc/ssl/RootCA/certs/192.168.50.101.pem
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = </etc/ssl/RootCA/certs/192.168.50.101.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch...