Displaying 12 results from an estimated 12 matches for "cipherlist".
2018 Dec 16
5
ssh_dh?
Don't know if this was corrected in 2.3.4 (haven't upgraded yet but
didn't see it in the notes) - but in 2.3.3 I see this in my log:
imap-login: Error: Diffie-Hellman key exchange requested, but no DH
parameters provided. Set ssh_dh=</path/to/dh.pem
So...either there's an undocumented feature of SSH-over-IMAP (that's
Dovecot - always on the cutting edge!) or someone had
2017 Apr 14
4
several misc questions, public folders and sharing, quota, ssl
Hello,
I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
optimize how the system is running and have a few misc questions.
First ssl, is my cipher list good? I'm trying for pfs and wanting to
ensure these cipherlist is appropriate:
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
Next, a new feature that I'm trying for is virtual folders that store
All messages. My understanding of this is that it stores a version of
every received message in one place? I've got the virtual plugin
lo...
2020 May 31
5
I can no longer use TLS for Windows7 and Outlook
I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f.
A few months ago there was an update to all these systems and since
then I've had to talk W7 and old Mac clients through disabling ports
993/995 with TLS enabled back to ports 143/110 without SSL or they
could not pick up email. Thunderbird users (ie; me) were unaffected.
Could anyone share a set of port 993/995 SSL
2018 Dec 17
0
ssh_dh?
...lt;br>
</div>
<div>
--
</div>
<div>
Daniel
</div>
</blockquote>
<div>
<br>
</div>
<div>
It's a typo. We made non-ec DH optional in 2.3.4. This means you can remove all non-ec dh crypto algos from cipherlist. This was because ec support is pretty good and generating safe dh parameters takes a very long time, so one can simply stop supporting non-ec dh based algorithms.
</div>
<div class="io-ox-signature">
---
<br>Aki Tuomi
</div>
</body>
</html&g...
2020 May 31
0
I can no longer use TLS for Windows7 and Outlook
...</div>
</blockquote>
<div>
<br>
</div>
<div>
ssl_min_protocol = TLSv1.0
</div>
<div>
ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
</div>
<div>
<br>
</div>
<div>
if this works try tuning cipherlists to more secure value.
</div>
<div>
<br>
</div>
<div>
---
</div>
<div class="io-ox-signature">
<pre>Aki Tuomi</pre>
</div>
</body>
</html>
2020 May 31
1
I can no longer use TLS for Windows7 and Outlook
...n7 and up.
>>
>> Yes I know Win7 is no longer supported but that does not help the 100s
>> of older users I have that can't/won't upgrade their computers.
>
> ssl_min_protocol = TLSv1.0
> ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
> if this works try tuning cipherlists to more secure value.
>
> ---
> Aki Tuomi
Since you mention the newest Ubuntu version, it may (most likely) be
necessary to enable TLS 1.0 / 1.1 in openssl as well. I ran into this
with Debian 10 some time ago.
/etc/ssl/openssl.conf
[system_default_sect]
-MinProtocol = TLSv1.2
+MinP...
2018 Jan 09
2
openssl question
> but i try to this command
>
> openssl s_client -connect mail.mydomain:pop3s -starttls imap
>
> it says CONNECTED and hang. second command is correct?
Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as
IMAP/SSL (or whatever the hell the terminology is nowadays).
If you're testing IMAP, try one or the other or both depending
of how many flavours
2017 Apr 14
2
several misc questions, public folders and sharing, quota, ssl
...; I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
>> >> optimize how the system is running and have a few misc questions.
>> >>
>> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
>> >> ensure these cipherlist is appropriate:
>> >>
>> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
>> >>
>> >
>> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
>> >
>> >> Next, a new feature that I...
2015 Jul 04
1
sendmail tls and oppenssl
Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>:
> On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote:
>> Everyone,
>>
>> Looks like the new version of oppenssl has broken my sendmail's use
>> of
>> tls. Has anyone else had this problem or seen a fix?
>>
>> Greg Ennis
>>
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
...on what went wrong; currently client simply aborts
with zero info.
4. If fips is enabled and sshd_config has ciphers which are
incompatible in fips mode, sshd should throw a warning and use the next
available fips complaint cipher from the list.
Even now, we can do the following in sshd_config,
cipherlist
aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes256-gcm at openssh.com,chacha20-poly1305 at openssh.com
But we have to do it in all the server instances. I think this should
be handled by server considering fips scenario.
Please feel free to correct me if I'm wrong here.
--
Yo...
2017 Apr 14
0
several misc questions, public folders and sharing, quota, ssl
...gt;
> >> I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to
> >> optimize how the system is running and have a few misc questions.
> >>
> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
> >> ensure these cipherlist is appropriate:
> >>
> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
> >>
> >
> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
> >
> >> Next, a new feature that I'm trying for is virtual f...
2017 Apr 14
0
several misc questions, public folders and sharing, quota, ssl
...vecot 2.29 on a freebsd 10.3 system. I'm wanting to
> >> >> optimize how the system is running and have a few misc questions.
> >> >>
> >> >> First ssl, is my cipher list good? I'm trying for pfs and wanting to
> >> >> ensure these cipherlist is appropriate:
> >> >>
> >> >> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
> >> >>
> >> >
> >> > I would add @STRENGTH to the end, so it'll get sorted by strengthness.
> >> >
> >> &g...