Displaying 20 results from an estimated 382 matches for "enul".
Did you mean:
endl
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
...us wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is something similar possible with dovecot ?
> I use this with some succes:
>
> # dovecot has built-in protection against BEAST, therefore no need
> # to remove -SSLv2-SHA1:-TLSv10-SHA1
> ssl_protocols = !SSLv2 !SSLv3
> ssl_...
2017 Apr 27
2
confused with ssl settings and some error - need help
...E-RSA-
> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!
> RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-
> CBC3-SHA:!KRB5-DES-CBC3-SHA
> >
>
> This looks rather cumbersome way to define ciphers.
>
> > 1. Are these settings good or can be improved?
> > 2. Is this line proper:
> > ssl_protoc...
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
Hello,
about the CVE-2015-0204, in apache the following config seems to disable
this vulnerability:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite
HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ?
If yes, what are the implications with old mail clients ?
--
Best regards,
Adrian Minta
2013 Sep 10
2
dovecot and PFS
...all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
-SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject
trafic. Therefore the cipher list get simplier in dovecot.conf:
ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:!MD5:!DES:!aNULL
:!eNULL
But that list is good for browsers. I am not aware of documentation
a...
2017 Apr 27
2
confused with ssl settings and some error - need help
...cot.fi>:
>
> > On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
> wrote:
> >
> >
> > Thank You for answers. But:
> > 1. How should be properly configured ssl_cipher_list?
>
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!
> 3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> To disable non-EC DH, use:
>
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> > 2. Ok, removed !TLSv1 !TLSv1.1.
> > 3. Stran...
2017 Apr 27
2
confused with ssl settings and some error - need help
...ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
1. Are these settings good or can be improved?
2. Is this line proper:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
or maybe should be:
ssl_protocols = !SSLv2 !SSLv3
3. Last thing. I have below erro...
2017 Apr 30
2
confused with ssl settings and some error - need help
...;serwis at poliman.pl>
> >> wrote:
> >> >
> >> >
> >> > Thank You for answers. But:
> >> > 1. How should be properly configured ssl_cipher_list?
> >>
> >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
> >> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> >>
> >> To disable non-EC DH, use:
> >>
> >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> >> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> >>
> >>...
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote:
>
>
> Thank You for answers. But:
> 1. How should be properly configured ssl_cipher_list?
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
To disable non-EC DH, use:
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> 2. Ok, removed !TLSv1 !TLSv1.1.
> 3. Strange thing with ssl_protocols and ssl_cipher_l...
2018 Dec 19
1
How to configure Dovecot to disable NIST's curves and still rertain EECDH?
...hic primitives after the Dual EC DRBG debacle.
>From what I can tell, the following will prevent the use of NIST's
curves (along with other dangerous primitives) in Dovecot, but this is
accomplished by simply disabling EECDH entirely.
ssl_cipher_list = HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH
This should still retain forward secrecy through the use of EDH, but
this doesn't leave much in the way of allowable algorithms on my server:
$ openssl ciphers -V
'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH'
0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH...
2017 Apr 27
0
confused with ssl settings and some error - need help
...7, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
>> wrote:
>> >
>> >
>> > Thank You for answers. But:
>> > 1. How should be properly configured ssl_cipher_list?
>>
>> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
>> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>>
>> To disable non-EC DH, use:
>>
>> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
>> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>>
>> > 2. Ok, removed !TLSv1 !TLSv1...
2017 May 05
0
confused with ssl settings and some error - need help
...> wrote:
> > >> >
> > >> >
> > >> > Thank You for answers. But:
> > >> > 1. How should be properly configured ssl_cipher_list?
> > >>
> > >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
> > >> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> > >>
> > >> To disable non-EC DH, use:
> > >>
> > >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> > >> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
&...
2016 Mar 14
2
TLS_CIPHER_SUITE - OpenLDAP connection
What would be a working TLS_CIPHER_SUITE in ldap.conf for Samba 4. I'm
asking, cause I had to remove
TLS_CIPHER_SUITE TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!MD5:!3DES:@STRENGTH
from my ldap.conf for samba to work. This wasn't documented anywhere. I
think this should be mentoined in the wiki as well as in the man
smb.conf under tls.
2019 Oct 28
3
changing cipher for imap clients
...TLS connection established from * TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
how can I tell dovecot to use AES256, instead of AES128 ?
is this set by ssl_cipher_list ? Here are my current values (defaults)
# doveconf ssl_cipher_list
ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
# dovecot --version
2.3.4.1
thanks,
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
...available, but I don't
think there should be much difference between EL7 and Fedora.
This config gets my an A+ rating on the sslabs test:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES
!CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4"
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000;
includeSubDomains; preload"
</IfModule>
https://www.ssllabs.com/ssltest/analyze.html?d=www.hogarthuk.com
IIR...
2017 Apr 27
0
confused with ssl settings and some error - need help
...ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>
This looks rather cumbersome way to define ciphers.
> 1. Are these settings good or can be improved?
> 2. Is this line proper:
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
Well if...
2018 Jan 06
2
TLS problem after upgrading from v2.2 to v2.3
...A256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv2:!SSLv3
2018 Jun 12
4
cant login to Dovecot
...lbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
ssl = no
ssl_cipher_list =
ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
--
--
Best Regards, Walter Ulmke
2019 Nov 18
2
Doveadm replicator ssl issues
...}
service replicator {
process_min_avail = 1
unix_listener replicator-doveadm {
mode = 0666
}
}
ssl_cert = </etc/dovecot/ssl_chain.pem
ssl_cipher_list =
ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:HIGH:MEDIUM:+TLSv1:+TLSv
1.1:+TLSv1.2:!RC4:!IDEA:!3DES:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!A
ESGCM:!CAMELLIA:!SEED
ssl_client_ca_file = /etc/pki/tls/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
verbose_ssl = yes
local 91.x.x.x {
protocol imap {
ssl_cert = </etc/dovecot/ssl_chain.p...
2011 Jan 31
4
disable_plaintext_auth = no ignored by dovecot in Ubuntu 10.04
....9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-24-generic i686 Ubuntu 10.04.1 LTS
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s managesieve
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list:
ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
mail_privile...
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
> Hello,
> about the CVE-2015-0204, in apache the following config seems to disable
> this vulnerability:
> SSLProtocol All -SSLv2 -SSLv3
> SSLCipherSuite
> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>
> Is something similar possible with dovecot ?
I use this with some succes:
# dovecot has built-in protection against BEAST, therefore no need
# to remove -SSLv2-SHA1:-TLSv10-SHA1
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ECDH at STRENGTH:DH a...