search for: cipher_list

Hi, I came up with the following patch while trying to figure out a good solution for the situation described in Debian bug #871987[1]. In short, OpenSSL in Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that unless an application requests otherwise, only TLSv1.2 is supported. In the world of e-mail this is seemingly an issue, as there are still way too many old clients

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I

...rotocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:!MD5:!DES:!aNULL :!eNULL But that list is good for browsers. I am not aware of documentation about what ciphers are advertised by various mail client. How can I know if that setting has some success pushing PFS? How can I discover which cl...

...com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4 checking openssl rpm -ql openssl-devel-1.1.1g-1.fc32.x86_64 | grep -i ciphersuites /usr/share/man/man3/SSL_CTX_set_ciphersuites.3ssl.gz /usr/share/man/man3/SSL_set_ciphersuites.3ssl.gz man SSL_set_ciphersuites ... SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl. SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon (":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names ar...

> I guess we have to look at the conf files then, first these two: Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth. Unfortunately it's still erroring out: (7) mschap: Creating

...r *cert) @@ -1277,7 +1244,7 @@ ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (ssl_ctx == NULL) i_fatal("SSL_CTX_new() failed"); - xnames = ssl_proxy_ctx_init(ssl_ctx, ssl_set, ctx->verify_client_cert); + ssl_proxy_ctx_init(ssl_ctx, ssl_set); if (SSL_CTX_set_cipher_list(ssl_ctx, ctx->cipher_list) != 1) { i_fatal("Can't set cipher list to '%s': %s", @@ -1303,7 +1270,7 @@ ssl_proxy_ctx_use_key(ctx->ctx, ssl_set); if (ctx->verify_client_cert) - ssl_proxy_ctx_verify_client(ctx->ctx, xnames); + ssl_proxy_ctx_verify_client(ct...

Hi, I have rewritten the patches I submitted earlier today for the CVS HEAD. Some of the changes were already committed months ago. On 2007/03/15 12:30, Timo Sirainen <tss at iki.fi> wrote: > That's ok, but I'm not sure about bsearch_insert_pos(). It's the way it > is mostly because I wanted to keep bsearch() API. If it can't return > void * then maybe it could be

...*p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); +#ifdef OPENSSL_FIPS + if (fips_mode && !(c->fips_allowed)) { + debug("cipher %s disallowed in FIPS mode [%s]", p, names); + xfree(cipher_list); + return 0; + } +#endif if (c == NULL || c->number != SSH_CIPHER_SSH2) { debug("bad cipher %s [%s]", p, names); xfree(cipher_list); @@ -291,9 +300,25 @@ cipher_set_key_string(CipherContext *cc, Cipher *cipher, const char *passphra...

Hi Stephan, Here it is: Program received signal SIGSEGV, Segmentation fault. p_strdup (pool=pool at entry=0x55555579bc20, str=0x6d65642e6c69616d <error: Cannot access memory at address 0x6d65642e6c69616d>) at strfuncs.c:51 51????? strfuncs.c: No such file or directory. (gdb) bt full #0? p_strdup (pool=pool at entry=0x55555579bc20, str=0x6d65642e6c69616d <error: Cannot access memory at