search for: dhparams

> On 19 August 2018 at 20:55 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote: > > > > > > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300: > > > > > Just generate new parameters on some machine with good entropy source. > > > > So, if

I did that the last time one year ago, now on another machine with the same software (Ubuntu 16.04) it fails. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem last command fails with 681+0 records in 681+0 records out 681 bytes copied, 0,00278343 s, 245 kB/s unable to load

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST): > openssl gendh 4096 > params.pem Ok. I then misunderstood what's written at https://wiki.dovecot.org/SSL/DovecotConfiguration I thought I need to create dh.pem in two steps: 1. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat 2. dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform

Based on the recent found weaknesses in DH key exchange, http://weakdh.org/ I increased ssl_dh_parameters_length to 2048 bits, and found waited for 5+ minutes for dovecot to come back online after a restart. Unless you got a fast machine, the initialization of DH parameters can exceed your patience. Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if Dovecot uses old

Hello, I am getting errors when doing a make clean under /usr/src, I have always done this before doing a make world, and never a problem. I have tried deleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o

...eter tls certfile = /var/lib/samba/private/tls/dc-cert.pem doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem doing parameter ntlm auth = yes doing parameter winbind max clients = 10000 doing parameter min protocol = SMB2 pm_process() returned Yes added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff:: added inter...

Thanks Joseph, Aki, but something missing from upgrade document, where does the dh param file go? I located ssl-parameters.dat so I will put it there. Quoting Joseph Tam <jtam.home at gmail.com>: > On Fri, 22 Jun 2018, Joseph Tam wrote: > >> However, recent advances make this condition obsolete [*] and not >> really safer, so a much faster way to generate a DH key is

On 16/7/20 5:54 am, Benny Pedersen wrote: >>> FWIW I meant if the client is Windows7/old-Outlook then changing >>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clients Would anyone

Hello, I'm experiencing a weird problem doing "make clean" in "/usr/src". It happens on a couple of FreeBSD 4.8-RELEASE machines (RELENG_4_8 to be precise). Cvsup, build & install phases all went fine, just "make clean" went wrong. I tried rm-ing the incriminated subdirectory and even rm-ing the checkout.cvs:RELENG_4_8 file and re-cvsupping but nothing

hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3 first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one? other

Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>: > On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote: >> Everyone, >> >> Looks like the new version of oppenssl has broken my sendmail's use >> of >> tls. Has anyone else had this problem or seen a fix? >> >> Greg Ennis >>

>From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions). is there any way to configure to have the previous behaviour? Im trying to set

On Fri, 22 Jun 2018, Joseph Tam wrote: > However, recent advances make this condition obsolete [*] and not > really safer, so a much faster way to generate a DH key is > > openssl dhparam -dsaparam -out dh.pem 4096 > > DH generation is a one time operation, so if you're paranoid and you've > got time to burn, go ahead and generate the "safe" DH key. >

Hi, I couldn't really find documentation about ssl_dh_parameters_length except for mention in passing on the page https://wiki2.dovecot.org/SSL/DovecotConfiguration For version 2.3 and above is that setting necessary? If so what are the values I can use, is setting it high like 4096 beneficial or make any problems for clients? Thanks for assistance.

On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc at renta.net> wrote: > FWIW I meant if the client is Windows7/old-Outlook then changing either > 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had > to do this for a 100 or so clients a few months ago after upgrading to > Ubuntu 20.04. Really, really bad idea. You just

...ertfile = /var/lib/samba/private/tls/dc-cert.pem > > tls keyfile = > /var/lib/samba/private/tls/secure/dc-privkey.pem > > tls cafile = /var/lib/samba/private/tls/cacert.pem > > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem > > > > You could try recreating the cert files. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >

...e/tls/dc0-cert.pem tls keyfile = /var/lib/samba/private/tls/secure/dc0-privkey.pem tls cafile = /var/lib/samba/private/tls/cacert.pem tls cafile = /var/lib/samba/private/tls/interca.pem tls crlfile = /var/lib/samba/private/tls/rootca.crl tls crlfile = /var/lib/samba/private/tls/interca.crl tls dhparams file = /var/lib/samba/private/tls/dc0-dhparams.pem [sysvol] path = /var/lib/samba/sysvol read only = No [netlogon] path = /var/lib/samba/sysvol/test.example.de/scripts read only = No | Is that an Kerberos related Issue or Samba 4? Regards|| |||| || || ||

I have 2.2 installation on Centos 7, and, I'm trying to setup a new server, and, 'clone' existing setup: Dovecot/Postfix/Mysql on new Centos 7 installed from RPM 2.3.4.1 (3c0b8769e) I then copied/overwrote from old to new /etc/dovecot/*.conf (but not conf.d files), created self certs in place of old server certs and, started Dovecot is that totally dumb, and, how should I do this,

HotSlots Webmaster <webmaster at hotslots132.com> writes: > I have had Dovecot working fine with SSL for nearly two years now. It's > time to renew the SSL certificate, so I did (same CA). The new > certificate works fine in Apache and Postfix. But when I update Dovecot > to use the same certificate, and restart the server, Dovecot stops > responding to connects. > ...