Displaying 20 results from an estimated 576 matches for "ecdh".
Did you mean:
ecdhe
2018 Jan 06
2
TLS problem after upgrading from v2.2 to v2.3
...reply; I used the defaults, both before and after the
upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default
changes. The new defaults broke the connection.
Jan
> what are your settings?
>
> Mine are below and they work just fine:
>
> ssl_cipher_list =
> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2020 Jun 27
2
SSL-Question
I set icecast.xmp:
<listen-socket>
<port>8000</port>
</listen-socket>
<listen-socket>
<port>8443</port>
<ssl>1</ssl>
</listen-socket>
8000 work, 8443 not work. If set ssl to port 8000 not work nothing
V V sob., 27. jun. 2020 ob 18:13 je oseba Paul Martin <pm at nowster.me.uk>
napisala:
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
# HG changeset patch
# User David Hicks <david at hicks.id.au>
# Date 1373085976 -36000
# Sat Jul 06 14:46:16 2013 +1000
# Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e
# Parent 1fbac590b9d4dc05d81247515477bfe6192c262c
login-common: Add support for ECDH/ECDHE cipher suites
ECDH temporary key parameter selection must be performed during OpenSSL
context initialisation before ECDH and ECDHE cipher suites can be used.
OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection.
For OpenSSL < 1.0.2 we must manually specify a n...
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2018 Jul 16
1
ssl_dh required, even though DH is disabled.
...0113): /etc/dovecot/dovecot.conf
# OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux
# Hostname: vault
passdb {
? driver = pam
}
protocols = imap
service imap-login {
? inet_listener imap {
??? port = 0
? }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem
ssl_cipher_list =
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384...
2018 May 09
1
possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.
Hi,
I want to disable dh_key/ssl-parameters.dat entirely since i'm only using
ECDHE ciphers.
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: somehost.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
"abcdefghijklmnopqrstuvwxy...
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes:
>> Mine are below and they work just fine:
>>
>> ssl_cipher_list =
>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2017 Mar 20
1
Deploying Diffie-Hellman for TLS
...ecot and came across this URL:
https://www.weakdh.org/sysadmin.html which recommended these settings
for Dovecot. I would like to know if they are correct? Some much
documentation on the web is pure garbage.
Dovecot
These changes should be made in /etc/dovecot.conf
Cipher Suites
ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2020 Jan 23
3
PJSIP and Grandstream Wave with TSL and SRTP
...t/asterisk.pem
> > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt
> > method = sslv23
>
> This is what mine looks like which works just fine:
>
> [transport-tls]
> type = transport
> protocol = tls
> method = tlsv1_2
> cipher =
> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128
> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-
> AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
&...
2016 Mar 10
2
Client-initiated secure renegotiation
...39;R'.
Are you use good ssl_cipher_list
(https://wiki.mozilla.org/Security/Server_Side_TLS)?
My config
## Service options
# 10-ssl
ssl = yes
ssl_cert = </etc/pki/tls/certs/.crt
ssl_key = </etc/pki/tls/private/.key
ssl_require_crl = no
ssl_ca = </etc/pki/tls/cert.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2017 Apr 27
2
confused with ssl settings and some error - need help
...on found documentation):
> > ssl = required
> > disable_plaintext_auth = yes #change default 'no' to 'yes'
> > ssl_prefer_server_ciphers = yes
> > ssl_options = no_compression
> > ssl_dh_parameters_length = 2048
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-...
2020 Jun 12
1
Read-flag of mails don't update
...hain didn't support libsodium and my machine doesn't have the memory for it.
Thank you! I actually set this to a better value for each password in
the passwd-file explicit, but it seems to be a good idea to change the
default value in the config as well.
>
>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2020 Jun 11
2
Read-flag of mails don't update
On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote:
> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
Apologies, I did not see the attachments. Will look on a real screen later.
2020 Jun 28
2
SSL-Question
....4 server started
[2020-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration
[2020-06-28 07:54:24] INFO yp/yp.c YP update thread started
[2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found
at icecast.pem
[2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2017 Aug 23
3
socketpair failed: Too many open files on Debian 9
...port = 24
ssl = yes
}
process_min_avail = 20
}
service managesieve-login {
executable = managesieve-login director
inet_listener sieve {
port = 4190
}
}
service pop3-login {
executable = pop3-login director
}
ssl_cert = </etc/ssl/certs/certum_wildcard.pem
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2017 Aug 23
2
socketpair failed: Too many open files on Debian 9
...ecutable = managesieve-login director
>> inet_listener sieve {
>> port = 4190
>> }
>> }
>> service pop3-login {
>> executable = pop3-login director
>> }
>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem
>> ssl_cipher_list =
>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-...
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...i/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
Options = PrioritizeChaCha,S...
2020 Jun 24
2
SSL-Question
....4 server started
[2020-06-24 12:54:54] DBUG yp/yp.c Updating YP configuration
[2020-06-24 12:54:54] INFO yp/yp.c YP update thread started
[2020-06-24 12:54:55] INFO connection/connection.c SSL certificate found
at icecast.pem
[2020-06-24 12:54:55] INFO connection/connection.c SSL using ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128
*(this chiphers is still going on,...
2018 Sep 07
1
Auth process sometimes stop responding after upgrade
...ector {
mode = 0666
}
}
service imap-login {
executable = imap-login director
service_count = 0
vsz_limit = 128 M
}
service pop3-login {
executable = pop3-login director
service_count = 0
vsz_limit = 128 M
}
ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-
SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-
AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-
SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-
SHA:ECDHE-RSA-AES256-SHA384:EC...
2015 Jan 26
3
Apache and SSLv3
Hi list,
I'm configuring apache with https and I've a question about sslv3
deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128)
Mac=AEAD
.........
Each lines report relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
that has protocol...