Displaying 16 results from an estimated 16 matches for "dh2048".
2017 Apr 27
2
confused with ssl settings and some error - need help
...tfix main.cf file (other lines default):
tls_ssl_options = no_ticket, no_compression
tls_preempt_cipherlist = yes
smtpd_sasl_security_options=noanonymous,noplaintext
smtpd_sasl_tls_security_options=noanonymous,noplaintext
smtpd_tls_mandatory_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
#instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't
know what should be setup
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA,
DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-...
2017 Apr 27
2
confused with ssl settings and some error - need help
...ptions = no_ticket, no_compression
> > tls_preempt_cipherlist = yes
> > smtpd_sasl_security_options=noanonymous,noplaintext
> > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > smtpd_tls_mandatory_ciphers = high
> > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> don't
> > know what should be setup
> > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> > aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA,
> ECDHE-RSA-DES-CBC3-S...
2007 Oct 28
9
openvpn recipe: comments, suggestions, help
...# Diffie Hellman parameters - can't use openvpn_file as it uses the
# tunnel's service and I don't know how to make this once per node
# file use a service which is once per tunnel
file { "dh":
path => "/etc/openvpn/keys/dh2048.pem",
source => "puppet:///files/openvpn/dh2048.pem",
ensure => present,
mode => 0640,
owner => root,
group => root,
require => [ File["/etc/openvpn/keys"], PACKAGE["openvpn"] ],...
2017 Apr 26
0
error ssl stacked error routines
Hi
I have configured one line in postfix main.cf (after configure each line I
check /var/log/mail.err):
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
After setup above line I have error in above log file (these 4 lines
looped):
Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
er...
2017 Apr 27
2
confused with ssl settings and some error - need help
...> tls_preempt_cipherlist = yes
> > > > smtpd_sasl_security_options=noanonymous,noplaintext
> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > > > smtpd_tls_mandatory_ciphers = high
> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> > > don't
> > > > know what should be setup
> > > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> > > > aECDH, EDH-DSS-DES-CBC3-SH...
2017 Apr 27
0
confused with ssl settings and some error - need help
...default):
> tls_ssl_options = no_ticket, no_compression
> tls_preempt_cipherlist = yes
> smtpd_sasl_security_options=noanonymous,noplaintext
> smtpd_sasl_tls_security_options=noanonymous,noplaintext
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't
> know what should be setup
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA,
> DES-CBC3-SHA, RC4-MD5...
2017 Apr 30
2
confused with ssl settings and some error - need help
...> >> > > > smtpd_sasl_security_options=noanonymous,noplaintext
> >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> >> > > > smtpd_tls_mandatory_ciphers = high
> >> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> >> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> >> > > don't
> >> > > > know what should be setup
> >> > > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
> >> P...
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
...iostream_error());
+ "DSA_dup_DH() failed: %s",
+ openssl_iostream_error());
return -1;
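Review bot: the added error string names DSA_dup_DH(), so the DH parameters on this path are DSA-style rather than safe-prime parameters; with such parameters a fresh DH key should be generated for every handshake (OpenSSL's SSL_OP_SINGLE_DH_USE) to avoid small-subgroup attacks, and the patch should set or document that. The excerpt also shows no cleanup between the error report and `return -1;`, so check that the DSA object is freed on this failure path.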
--------------------------------------------------------------------------------
The other way to prevent long startup times is to pre-compute the DH
parameter using "openssl dhparam -out dh2048.pem 2048". I can contribute
a patch to do this (read file, convert it into ssl-parameters.dat, then
set/behave like ssl_parameters_regenerate=0), but I couldn't figure
out the best place to do this. ssl_params_if_unchanged()?
Joseph Tam <jtam.home at gmail.com>
2018 Oct 11
4
Struggling to get dovecot working with postfix auth
...pd_sasl_local_domain = $myhostname
smtpd_sasl_path = inet:localhost:7425
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = ${config_directory}/ssl_certs/star_example_com.pem
smtpd_tls_dh1024_param_file = ${config_directory}/ssl_certs/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/ssl_certs/dh512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = ${config_directory}/ssl_certs/X_workremote_eu.key
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = TLSv1.2,!TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_securi...
2017 Apr 27
0
confused with ssl settings and some error - need help
...mpression
> > > tls_preempt_cipherlist = yes
> > > smtpd_sasl_security_options=noanonymous,noplaintext
> > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > > smtpd_tls_mandatory_ciphers = high
> > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> > don't
> > > know what should be setup
> > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> > > aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA,...
2018 Oct 11
2
Struggling to get dovecot working with postfix auth
Hi,
I am trying to create an authenticated relay server using Postfix and Dovecot.
However, I am having two problems:
(a) If I create a dovecot config entry as follows:
unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
}
Dovecot is unable to create the socket? I thought surely if dovecot is started as root it should
2018 Oct 06
1
TLS handshake failure - Client Helo rejected
Hi,
I can no longer connect to Dovecot (IMAP). The connection is terminated
by Dovecot after Client Helo.
My server:
Dovecot 2.3.3
Debian buster/sid
Architecture: ppc
My problems started in late August after upgrading Dovecot.
SSL settings:
ssl_dh = </etc/ssl/dh2048.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256...
2017 Apr 27
0
confused with ssl settings and some error - need help
..._cipherlist = yes
>> > > > smtpd_sasl_security_options=noanonymous,noplaintext
>> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
>> > > > smtpd_tls_mandatory_ciphers = high
>> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
>> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
>> > > don't
>> > > > know what should be setup
>> > > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5,
>> PSK,
>> > > >...
2017 May 05
0
confused with ssl settings and some error - need help
...> > > smtpd_sasl_security_options=noanonymous,noplaintext
> > >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > >> > > > smtpd_tls_mandatory_ciphers = high
> > >> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > >> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers
> but I
> > >> > > don't
> > >> > > > know what should be setup
> > >> > > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES,...
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
...pn vpn ACCEPT
Just for background info on my vpn setup, here is the config on my hub router:
router-hq:~# cat /etc/openvpn/sitelink.conf
#Begin server.conf
port 1194
proto udp
dev tun
ca sitelink/ca.crt
cert sitelink/router-hq.mydomain.com.crt
key sitelink/router-hq.mydomain.com.key
dh sitelink/dh2048.pem
server 172.16.1.0 255.255.255.0
client-config-dir /etc/openvpn/sitelink/client-config
route 192.168.10.0 255.255.255.0
route 192.168.20.0 255.255.255.0
route 192.168.30.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.10.0 255.255.255.0"
push "rou...
2009 Apr 30
15
Shorewall Firewall con Openswan and OpenVPN
...#########################
# Which local IP address should OpenVPN
# listen on? (optional)
local 10.x.x.249
port 1194
# TCP or UDP server?
proto udp
#This is key to configuring our bridge
dev tap0
#direct these to your generated files
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
ifconfig-pool-persist ip-clients.txt
#ensure the range of ip addresses you use in the last two arguments
# of this statement are not in use by either the DHCP server or any other
# device on your internal network.
server-bridge 10.x.x.249 255.255.255.0 10.x.x.180 10.x.x.199
#needed to allow...