search for: cipherlists

Don't know if this was corrected in 2.3.4 (haven't upgraded yet but didn't see it in the notes) - but in 2.3.3 I see this in my log: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem So...either there's an undocumented feature of SSH-over-IMAP (that's Dovecot - always on the cutting edge!) or someone had

Hello, I'm running dovecot 2.29 on a freebsd 10.3 system. I'm wanting to optimize how the system is running and have a few misc questions. First ssl, is my cipher list good? I'm trying for pfs and wanting to ensure these cipherlist is appropriate: ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH Next, a new feature that I'm trying for is virtual folders that

I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. A few months ago there was an update to all these systems and since then I've had to talk W7 and old Mac clients through disabling ports 993/995 with TLS enabled back to ports 143/110 without SSL or they could not pick up email. Thunderbird users (ie; me) were unaffected. Could anyone share a set of port 993/995 SSL

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 17 December 2018 at 00:30 Daniel Miller via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

...</div> </blockquote> <div> <br> </div> <div> ssl_min_protocol = TLSv1.0 </div> <div> ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL </div> <div> <br> </div> <div> if this works try tuning cipherlists to more secure value. </div> <div> <br> </div> <div> --- </div> <div class="io-ox-signature"> <pre>Aki Tuomi</pre> </div> </body> </html>

...n7 and up. >> >> Yes I know Win7 is no longer supported but that does not help the 100s >> of older users I have that can't/won't upgrade their computers. > > ssl_min_protocol = TLSv1.0 > ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL > > if this works try tuning cipherlists to more secure value. > > --- > Aki Tuomi Since you mention the newest Ubuntu version, it may (most likely) be necessary to enable TLS 1.0 / 1.1 in openssl as well. I ran into this with Debian 10 some time ago. /etc/ssl/openssl.conf [system_default_sect] -MinProtocol = TLSv1.2 +MinPr...

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours

Hi Aki, Thanks for your reply. Sorry, hit the reply to and not the reply to all option. So, even when a folder is a public folder I'm still needing to use the acl plugin? The public/TestFolder is showing up, the public/TestFolder1 is not. Thanks. Dave. On 4/14/17, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > Please keep responses on the list. Thank you. =) > > Without ACL

Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>: > On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote: >> Everyone, >> >> Looks like the new version of oppenssl has broken my sendmail's use >> of >> tls. Has anyone else had this problem or seen a fix? >> >> Greg Ennis >>

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

Please keep responses on the list. Thank you. =) Without ACL plugin there is no way to restrict access, it's free for all. my site is a very tiny few user site, but ... auth_mechanisms = login plain mail_attribute_dict = file:%h/Mail/dovecot-attributes mail_location = sdbox:~/Mail mail_plugins = stats quota fts fts_lucene namespace inbox { inbox = yes list = yes location = mailbox

Can you try turning mail_debug=yes and posting logs? Also if possible, can you try telnetting to the server and issuing a LOGIN username password a SELECT public/TestFolder1 with debug turned on? ACL plugin is needed *iff* you want to *restrict* access. Aki > On April 14, 2017 at 11:53 PM David Mehler <dave.mehler at gmail.com> wrote: > > > Hi Aki, > > Thanks for