Displaying 9 results from an estimated 9 matches for "cipher_list".
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
Add private key protection information extraction to shh-keygen using -v
option on top of -y option which is already parsing the private key.
Technically, the passphrase isn't necessary to do this, but it is the
most logical thing to do for me.
Adding this to -l option is not appropriate because fingerprinting is
using the .pub file when available.
An other idea is to add a new option, I
2013 Sep 10
2
dovecot and PFS
...rotocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
-SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject
trafic. Therefore the cipher list get simplier in dovecot.conf:
ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:!MD5:!DES:!aNULL
:!eNULL
But that list is good for browsers. I am not aware of documentation
about what ciphers are advertised by various mail client. How can I
know if that setting has some success pushing PFS? How can I
discover which cl...
2020 Sep 24
3
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
...com/dovecot/core/commit/8f6f04eb21276f28b81695dd0d3df57c7b8f43e4
checking openssl
rpm -ql openssl-devel-1.1.1g-1.fc32.x86_64 | grep -i ciphersuites
/usr/share/man/man3/SSL_CTX_set_ciphersuites.3ssl.gz
/usr/share/man/man3/SSL_set_ciphersuites.3ssl.gz
man SSL_set_ciphersuites
...
SSL_set_cipher_list() sets the list of ciphers (TLSv1.2 and below) only for ssl.
SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon
(":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names ar...
2023 Apr 03
2
[EXTERNAL] Fwd: ntlm_auth and freeradius
> I guess we have to look at the conf files then, first these two:
Thank you for the config file snippets. I can confirm mine were almost identical, so I've tweaked them so that they are now exactly the same as yours except for the "--require-membership-of=example\authorization_groupname" line in ntlm_auth.
Unfortunately it's still erroring out:
(7) mschap: Creating
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...r *cert)
@@ -1277,7 +1244,7 @@
ctx->ctx = ssl_ctx = SSL_CTX_new(SSLv23_server_method());
if (ssl_ctx == NULL)
i_fatal("SSL_CTX_new() failed");
- xnames = ssl_proxy_ctx_init(ssl_ctx, ssl_set, ctx->verify_client_cert);
+ ssl_proxy_ctx_init(ssl_ctx, ssl_set);
if (SSL_CTX_set_cipher_list(ssl_ctx, ctx->cipher_list) != 1) {
i_fatal("Can't set cipher list to '%s': %s",
@@ -1303,7 +1270,7 @@
ssl_proxy_ctx_use_key(ctx->ctx, ssl_set);
if (ctx->verify_client_cert)
- ssl_proxy_ctx_verify_client(ctx->ctx, xnames);
+ ssl_proxy_ctx_verify_client(ct...
2007 Mar 15
5
[PATCH 0/5] fix gcc warnings in CVS HEAD
Hi,
I have rewritten the patches I submitted earlier today for the CVS
HEAD. Some of the changes were already committed months ago.
On 2007/03/15 12:30, Timo Sirainen <tss at iki.fi> wrote:
> That's ok, but I'm not sure about bsearch_insert_pos(). It's the way it
> is mostly because I wanted to keep bsearch() API. If it can't return
> void * then maybe it could be
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
...*p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
+#ifdef OPENSSL_FIPS
+ if (fips_mode && !(c->fips_allowed)) {
+ debug("cipher %s disallowed in FIPS mode [%s]",
p, names);
+ xfree(cipher_list);
+ return 0;
+ }
+#endif
if (c == NULL || c->number != SSH_CIPHER_SSH2) {
debug("bad cipher %s [%s]", p, names);
xfree(cipher_list);
@@ -291,9 +300,25 @@
cipher_set_key_string(CipherContext *cc, Cipher *cipher,
const char *passphra...
2019 Oct 07
3
Sieve redirect is broken in 2.3.7.2 - signal 11
Hi Stephan,
Here it is:
Program received signal SIGSEGV, Segmentation fault.
p_strdup (pool=pool at entry=0x55555579bc20, str=0x6d65642e6c69616d <error:
Cannot access memory at address 0x6d65642e6c69616d>) at strfuncs.c:51
51????? strfuncs.c: No such file or directory.
(gdb) bt full
#0? p_strdup (pool=pool at entry=0x55555579bc20, str=0x6d65642e6c69616d
<error: Cannot access memory at