search for: dsaparam

...eleting all of /usr/src and re cvsuped, but the problem persists. FreeBSD 4.7-STABLE #0: Fri Feb 14 13:49:58 EST 2003 ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1...

...ed for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts... # 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL # https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA**** # https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /etc/dovecot/dh.pem #ssl_prefer_server_ciphers = no #ssl_min_protocol = TLSv1.2 #ssl_cipher_list...

...lnet authenc.o commands.o main.o network.o ring.o sys_bsd.o telnet.o terminal.o utilities.o telnet.1.gz telnet.1.cat.gz ===> secure/usr.bin/openssl rm -f buildinf.h openssl/opensslconf.h openssl/evp.h xopenssl app_rand.o apps.o asn1pars.o ca.o ciphers.o crl.o crl2p7.o dgst.o dh.o dhparam.o dsa.o dsaparam.o enc.o engine.o errstr.o gendh.o gendsa.o genrsa.o nseq.o ocsp.o openssl.o passwd.o pkcs12.o pkcs7.o pkcs8.o rand.o req.o rsa.o rsautl.o s_cb.o s_client.o s_server.o s_socket.o s_time.o sess_id.o smime.o speed.o spkac.o verify.o version.o x509.o CA.pl.1.gz asn1parse.1.gz ca.1.gz ciphers.1.gz crl.1...

...keys. Most of the time/entropy is taken up to produce a "safe" prime (p) such that (p-1)/2 is also prime to resist some factoring algorithms. However, recent advances make this condition obsolete [*] and not really safer, so a much faster way to generate a DH key is openssl dhparam -dsaparam -out dh.pem 4096 DH generation is a one time operation, so if you're paranoid and you've got time to burn, go ahead and generate the "safe" DH key. [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam) Joseph Tam <jtam.home at gmail.com>

On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc at renta.net> wrote: > FWIW I meant if the client is Windows7/old-Outlook then changing either > 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had > to do this for a 100 or so clients a few months ago after upgrading to > Ubuntu 20.04. Really, really bad idea. You just

...ll put it there. Quoting Joseph Tam <jtam.home at gmail.com>: > On Fri, 22 Jun 2018, Joseph Tam wrote: > >> However, recent advances make this condition obsolete [*] and not >> really safer, so a much faster way to generate a DH key is >> >> openssl dhparam -dsaparam -out dh.pem 4096 >> >> DH generation is a one time operation, so if you're paranoid and you've >> got time to burn, go ahead and generate the "safe" DH key. >> >> [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam) > > Oh, I...

...ou're unlucky, this can take a long time. However, it appears "safe" primes are not what they're cracked up to be -- they offer some guarantees, but are not safer than non-safe primes. Creating DH parameters without requiring primality of (p-1)/2 (i.e. what "openssl dhparam -dsaparam" does) results in much lower run-time bounds. I cribbed some OpenSSL code to create this (untested) patch. -------------------------------------------------------------------------------- --- iostream-openssl-params.c~ Tue Nov 3 16:08:38 2015 +++ iostream-openssl-params.c Tue Nov 3 15:43:3...

https://bugzilla.mindrot.org/show_bug.cgi?id=2006 Bug #: 2006 Summary: AIX 5.2 /32 bit - a windows Putty session will not connect to AIX box Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal

On Fri, 22 Jun 2018, Joseph Tam wrote: > However, recent advances make this condition obsolete [*] and not > really safer, so a much faster way to generate a DH key is > > openssl dhparam -dsaparam -out dh.pem 4096 > > DH generation is a one time operation, so if you're paranoid and you've > got time to burn, go ahead and generate the "safe" DH key. > > [*] https://security.stackexchange.com/questions/42415/openvpn-dhparam) Oh, I might have to backtrack on th...

...led ------- Additional Comments From djm at mindrot.org 2003-05-15 22:04 ------- This could be a problem in OpenSSL. Did you compile OpenSSL yourself? If so, please run the "make test" target (or equivalent) and verify it is functioning correctly. Otherwise, try running "openssl dsaparam 1024" ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...= /var/Security/mail.testdomain.com.privkey.dsa.pem ssl_cert_file = /var/Security/mail.testdomain.com.cert.dsa.pem ssl_ca_file = /var/Security/MyCertificateAuthority.CA.cert.dsa.pem ssl_verify_client_cert = no ssl_parameters_file = /var/Security/dsaparam.pem ssl_parameters_regenerate = 0 an attempt @ dovecot launch results in a logged error of: dovecot: Sep 11 11:58:43 Error: imap-login: Can't load private key file /var/Security/mail.testdomain.com.privkey.dsa.pem: error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an...

...t npt lbrv svm_lock nrip_save tsc_scale flushbyasid decodeassists pausefilter pfthreshold overflow_recov root at officelink01:~# openssl help Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dhparam dsa dsaparam ec ecparam enc engine errstr gendsa genpkey genrsa help list nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl p...

hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3 first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one? other

...l): gcc -o openssl -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DRSAref -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC -DMD5_ASM openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o -L. -L.. -L../.. -L../../.. -L.. -lssl -L.. -lcrypto -L/space/local/lib s_server.o: In function `sv_body': s_server.o(.t...

Hi, My name is Stefan Mangard and I plan to implement an extension to ssh as a final project in a cryptography class. Since I want to use an open source of ssh, I decided to use the openssh implementation. I am currently working with openssh-1.2.3, but I'd also like to implement my extension for protocol 2, I wanted to ask you how far the development of the implementation of openssh-2 is.

...t;> usr\ssl\man\man1\CA.pl.1 >> usr\ssl\man\man1\ciphers.1 >> usr\ssl\man\man1\crl.1 >> usr\ssl\man\man1\crl2pkcs7.1 >> usr\ssl\man\man1\dgst.1 >> usr\ssl\man\man1\dhparam.1 >> usr\ssl\man\man1\dsa.1 >> usr\ssl\man\man1\dsaparam.1 >> usr\ssl\man\man1\enc.1 >> usr\ssl\man\man1\errstr.1 >> usr\ssl\man\man1\gendsa.1 >> usr\ssl\man\man1\genrsa.1 >> usr\ssl\man\man1\md2.1 >> usr\ssl\man\man1\md4.1 >> usr\ssl\man\man1\md5.1 >> usr\ssl\man\man...

...t;> usr\ssl\man\man1\CA.pl.1 >> usr\ssl\man\man1\ciphers.1 >> usr\ssl\man\man1\crl.1 >> usr\ssl\man\man1\crl2pkcs7.1 >> usr\ssl\man\man1\dgst.1 >> usr\ssl\man\man1\dhparam.1 >> usr\ssl\man\man1\dsa.1 >> usr\ssl\man\man1\dsaparam.1 >> usr\ssl\man\man1\enc.1 >> usr\ssl\man\man1\errstr.1 >> usr\ssl\man\man1\gendsa.1 >> usr\ssl\man\man1\genrsa.1 >> usr\ssl\man\man1\md2.1 >> usr\ssl\man\man1\md4.1 >> usr\ssl\man\man1\md5.1 >> usr\ssl\man\man...

...cale > flushbyasid decodeassists pausefilter pfthreshold overflow_recov > > root at officelink01:~# openssl help > Standard commands > asn1parse         ca                ciphers           cms > crl               crl2pkcs7         dgst              dhparam > dsa               dsaparam          ec                ecparam > enc               engine            errstr            gendsa > genpkey           genrsa            help              list > nseq              ocsp              passwd            pkcs12 > pkcs7             pkcs8             pkey              pkeyparam...

...t;> usr\ssl\man\man1\CA.pl.1 >> usr\ssl\man\man1\ciphers.1 >> usr\ssl\man\man1\crl.1 >> usr\ssl\man\man1\crl2pkcs7.1 >> usr\ssl\man\man1\dgst.1 >> usr\ssl\man\man1\dhparam.1 >> usr\ssl\man\man1\dsa.1 >> usr\ssl\man\man1\dsaparam.1 >> usr\ssl\man\man1\enc.1 >> usr\ssl\man\man1\errstr.1 >> usr\ssl\man\man1\gendsa.1 >> usr\ssl\man\man1\genrsa.1 >> usr\ssl\man\man1\md2.1 >> usr\ssl\man\man1\md4.1 >> usr\ssl\man\man1\md5.1 >> usr\ssl\man\man...

Hello, I'm trying to set up a sendmail server on 4.8 that supports auth-based relaying. I followed the procedures at http://puresimplicity.net/~hemi/freebsd/sendmail.html, and aside from having to run makes manually in the library directories, I had no difficulty. I did not use the rebuild world recommendation, though. Everything is up and running, but whenever I try to send mail