Displaying 20 results from an estimated 66 matches for "dhparams".
Did you mean:
dhparam
2018 Aug 19
2
creation of ssl-parameters fails
> On 19 August 2018 at 20:55 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>
>
> > On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote:
> >
> >
> > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300:
> >
> > > Just generate new parameters on some machine with good entropy source.
> >
> > So, if
2018 Aug 19
2
creation of ssl-parameters fails
I did that the last time one year ago, now on another machine with the
same software (Ubuntu 16.04) it fails.
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform der > /etc/dovecot/dh.pem
last command fails with
681+0 records in
681+0 records out
681 bytes copied, 0,00278343 s, 245 kB/s
unable to load
2018 Jun 22
2
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Aki Tuomi wrote:
>> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
>> ssl-parameters.dat but how to make a new one?
>
> ... or you can make a fresh one using openssl
> gendh 4096 > dh.pem
This also works
openssl dhparam -out dh.pem 4096
> Note that this will require quite a lot of entropy, so you should
> probably
2018 Aug 20
0
creation of ssl-parameters fails
Aki Tuomi wrote on Sun, 19 Aug 2018 20:56:28 +0300 (EEST):
> openssl gendh 4096 > params.pem
Ok. I then misunderstood what's written at
https://wiki.dovecot.org/SSL/DovecotConfiguration
I thought I need to create dh.pem in two steps:
1. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
2. dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl
dhparam -inform
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
Based on the recent found weaknesses in DH key exchange,
http://weakdh.org/
I increased ssl_dh_parameters_length to 2048 bits, and found waited
for 5+ minutes for dovecot to come back online after a restart.
Unless you got a fast machine, the initialization of DH parameters can
exceed your patience.
Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if
Dovecot uses old
2003 May 23
1
error with make clean in /usr/src
Hello,
I am getting errors when doing a make clean under /usr/src, I have always
done this before doing a make world, and never a problem. I have tried
deleting all of /usr/src and re cvsuped, but the problem persists.
FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003
===> secure/usr.bin/openssl
rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o
apps.o asn1pars.o ca.o
2017 Aug 10
4
NT_STATUS_INTERNAL_ERROR
...eter tls certfile = /var/lib/samba/private/tls/dc-cert.pem
doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem
doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem
doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
doing parameter ntlm auth = yes
doing parameter winbind max clients = 10000
doing parameter min protocol = SMB2
pm_process() returned Yes
added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff::
added inter...
2018 Jun 25
1
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
Thanks Joseph, Aki, but something missing from upgrade document, where
does the dh param file go? I located ssl-parameters.dat so I will put
it there.
Quoting Joseph Tam <jtam.home at gmail.com>:
> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
2020 Jul 16
2
Outlook vs Thunderbird
On 16/7/20 5:54 am, Benny Pedersen wrote:
>>> FWIW I meant if the client is Windows7/old-Outlook then changing
>>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the
>>> mail.
>
> windows 7 just need tls 1.0, why its need to disabled all, is as well
> beyong me, do not disable tls 1.0 in dovecot aslong one have windows
> 7 clients
Would anyone
2003 Jun 13
1
Strange problem with "make clean"
Hello,
I'm experiencing a weird problem doing "make clean" in "/usr/src".
It happens on a couple of FreeBSD 4.8-RELEASE machines (RELENG_4_8 to
be precise).
Cvsup, build & install phases all went fine, just "make clean" went
wrong.
I tried rm-ing the incriminated subdirectory and even rm-ing the
checkout.cvs:RELENG_4_8 file and re-cvsupping but nothing
2018 Jun 22
2
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
hi sorry if question was asked already. Was reading
https://wiki2.dovecot.org/Upgrading/2.3
first I'm confused on diffie hellman parameters file. I never set up
ssl-parameters.dat before (should i have? do I have one that was
automatically made for me by dovecot?)
Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
ssl-parameters.dat but how to make a new one?
other
2015 Jul 04
1
sendmail tls and oppenssl
Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>:
> On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote:
>> Everyone,
>>
>> Looks like the new version of oppenssl has broken my sendmail's use
>> of
>> tls. Has anyone else had this problem or seen a fix?
>>
>> Greg Ennis
>>
2016 Oct 05
2
Ast 13.10 to 13.11 stop working webrtc
>From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop
working, failing with
chan_sip.c:4083 retrans_pkt: Hanging up call
7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our
critical packet (see
https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions).
is there any way to configure to have the previous behaviour?
Im trying to set
2018 Jun 22
0
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Joseph Tam wrote:
> However, recent advances make this condition obsolete [*] and not
> really safer, so a much faster way to generate a DH key is
>
> openssl dhparam -dsaparam -out dh.pem 4096
>
> DH generation is a one time operation, so if you're paranoid and you've
> got time to burn, go ahead and generate the "safe" DH key.
>
2019 May 19
1
Do we need ssl_dh_parameters_length in version 2.3
Hi, I couldn't really find documentation about ssl_dh_parameters_length
except for mention in passing on the page
https://wiki2.dovecot.org/SSL/DovecotConfiguration
For version 2.3 and above is that setting necessary? If so what are the
values I can use, is setting it high like 4096 beneficial or make any
problems for clients?
Thanks for assistance.
2020 Jul 15
2
Outlook vs Thunderbird
On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark
Constable <markc at renta.net> wrote:
> FWIW I meant if the client is Windows7/old-Outlook then changing either
> 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had
> to do this for a 100 or so clients a few months ago after upgrading to
> Ubuntu 20.04.
Really, really bad idea. You just
2017 Aug 11
0
NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
...ertfile = /var/lib/samba/private/tls/dc-cert.pem
> > tls keyfile =
> /var/lib/samba/private/tls/secure/dc-privkey.pem
> > tls cafile = /var/lib/samba/private/tls/cacert.pem
> > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
> > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
> >
>
> You could try recreating the cert files.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
2023 Jul 14
1
Samba 4 AD SmartCard Authentication Problem
...e/tls/dc0-cert.pem tls keyfile =
/var/lib/samba/private/tls/secure/dc0-privkey.pem tls cafile =
/var/lib/samba/private/tls/cacert.pem tls cafile =
/var/lib/samba/private/tls/interca.pem tls crlfile =
/var/lib/samba/private/tls/rootca.crl tls crlfile =
/var/lib/samba/private/tls/interca.crl tls dhparams file =
/var/lib/samba/private/tls/dc0-dhparams.pem [sysvol] path =
/var/lib/samba/sysvol read only = No [netlogon] path =
/var/lib/samba/sysvol/test.example.de/scripts read only = No |
Is that an Kerberos related Issue or Samba 4?
Regards||
||||
||
||
||
2019 Mar 03
2
migrating/cloning 2.2 > 2.3?
I have 2.2 installation on Centos 7, and, I'm trying to setup a new
server, and, 'clone' existing setup: Dovecot/Postfix/Mysql
on new Centos 7 installed from RPM 2.3.4.1 (3c0b8769e)
I then copied/overwrote from old to new /etc/dovecot/*.conf (but not
conf.d files), created self certs in place of old server certs
and, started Dovecot
is that totally dumb, and, how should I do this,
2016 Mar 06
2
Dovecot stops responding when I update SSL certificate
HotSlots Webmaster <webmaster at hotslots132.com> writes:
> I have had Dovecot working fine with SSL for nearly two years now. It's
> time to renew the SSL certificate, so I did (same CA). The new
> certificate works fine in Apache and Postfix. But when I update Dovecot
> to use the same certificate, and restart the server, Dovecot stops
> responding to connects.
> ...