Displaying 20 results from an estimated 27 matches for "kdhd".
2019 Oct 28
3
changing cipher for imap clients
...see:
Anonymous TLS connection established from * TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
how can I tell dovecot to use AES256, instead of AES128 ?
is this set by ssl_cipher_list ? Here are my current values (defaults)
# doveconf ssl_cipher_list
ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
# dovecot --version
2.3.4.1
thanks,
2017 Apr 27
2
confused with ssl settings and some error - need help
...;aki.tuomi at dovecot.fi>:
>
> > On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
> wrote:
> >
> >
> > Thank You for answers. But:
> > 1. How should be properly configured ssl_cipher_list?
>
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!
> 3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> To disable non-EC DH, use:
>
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> > 2. Ok, removed !TLSv1 !TLSv1.1....
2017 Apr 30
2
confused with ssl settings and some error - need help
...at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
> >> wrote:
> >> >
> >> >
> >> > Thank You for answers. But:
> >> > 1. How should be properly configured ssl_cipher_list?
> >>
> >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
> >> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> >>
> >> To disable non-EC DH, use:
> >>
> >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> >> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at ST...
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But:
1. How should be properly configured ssl_cipher_list?
2. Ok, removed !TLSv1 !TLSv1.1.
3. Strange thing with ssl_protocols and ssl_cipher_list, because on older
server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two
lines looks exactly this same and no errors in mail.err file and mailes
works without any problem.
4. No, currently I don't use LMTP.
2020 Nov 15
1
no shared cipher openssl
...equire_crl = yes
#ssl_client_ca_dir =
#ssl_client_ca_file =
#ssl_verify_client_cert = no
#ssl_cert_username_field = commonName
#ssl_dh_parameters_length = 1024
#ssl_protocols = !SSLv3
# SSL ciphers to use
# ols values ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:
!RC4:!ADH:!LOW at STRENGTH
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# Prefer the server's order of ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for v...
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote:
>
>
> Thank You for answers. But:
> 1. How should be properly configured ssl_cipher_list?
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
To disable non-EC DH, use:
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> 2. Ok, removed !TLSv1 !TLSv1.1.
> 3. Strange thing with ssl_protocol...
2018 Dec 14
2
Upgrade to 2.3.1 has failed
...sl_cert =
/etc/certbot/live/privustech.com/fullchain.pem
ssl_key = /etc/certbot/live/privustech.com/privkey.pem
ssl_dh = /etc/dovecot/dh.pem #(yes, it took five hours to create...)
ssl_min_protocol = TLSv1
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_prefer_server_ciphers = no
3. We have checked 10-ssl.conf against the 2.3 default at
https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/10-ssl.conf
4. We do NOT include the less than...
2017 Apr 27
0
confused with ssl settings and some error - need help
...gt;
>> > On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl>
>> wrote:
>> >
>> >
>> > Thank You for answers. But:
>> > 1. How should be properly configured ssl_cipher_list?
>>
>> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
>> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>>
>> To disable non-EC DH, use:
>>
>> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
>> !aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>>
>> >...
2017 May 05
0
confused with ssl settings and some error - need help
...erwis at poliman.pl>
> > >> wrote:
> > >> >
> > >> >
> > >> > Thank You for answers. But:
> > >> > 1. How should be properly configured ssl_cipher_list?
> > >>
> > >> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNU
> > >> LL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> > >>
> > >> To disable non-EC DH, use:
> > >>
> > >> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:
> > >> !aNULL:!eNULL:!EXPORT:!DES:!3DES:...
2018 Dec 14
0
Upgrade to 2.3.1 has failed
...took five hours to create...)
Hi! You should use
ssl_cert =</etc/certbot/live/privustech.com/fullchain.pem
ssl_key =</etc/certbot/live/privustech.com/privkey.pem
ssl_dh =</etc/dovecot/dh.pem
> ssl_min_protocol = TLSv1
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> ssl_prefer_server_ciphers = no
>
You should set ssl_prefer_server_ciphers = yes.
> 3. We have checked 10-ssl.conf against the 2.3 default at
> https://github.com/dovecot/core/blob/master/doc/...
2019 Oct 28
0
changing cipher for imap clients
...from * TLSv1 with cipher
> ECDHE-RSA-AES256-SHA (256/256 bits)
>
> how can I tell dovecot to use AES256, instead of AES128 ?
>
> is this set by ssl_cipher_list ? Here are my current values (defaults)
>
> # doveconf ssl_cipher_list
> ssl_cipher_list =
> ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
>
> # dovecot --version
> 2.3.4.1
>
> thanks,
Perhaps your client does not support it?
Also, you could try the *default* cipher list (unset ssl_cipher_list), which is reasonable. Also make sure you have ...
2020 Nov 16
0
no shared cipher openssl
...ert = no
> > #ssl_cert_username_field = commonName
> > #ssl_dh_parameters_length = 1024
> > #ssl_protocols = !SSLv3
> >
> > # SSL ciphers to use
> > # ols values ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
> > ssl_cipher_list =
> > ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:
> > !RC4:!ADH:!LOW at STRENGTH
> >
> > # Prefer the server's order of ciphers over client's.
> > #ssl_prefer_server_ciphers = no
> >
> > # Prefer the server's order of ciphers over client's.
>...
2020 Mar 09
0
dovecot-pigeonhole Broken ?
...x
mode = 0666
user = postfix
}
user = root
}
ssl = required
ssl_alt_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain.pem
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain-ecdsa.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!
3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_client_ca_file = </etc/pki/tls/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.1
ssl_options = no_compression
userdb {
driver = passwd
}
userdb {
args...
2019 Oct 04
1
imapsieve administrator scripts are not executed in the order they are defined
...e sieve
service imap-login {
inet_listener imap {
port = 0
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
}
ssl = required
ssl_cert = </etc/ssl/dovecot/somehost.cert.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!
3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
args = username_format=%u /etc/dovecot/users
driver = passwd-file
}
verbose_ssl = yes
protocol lmtp {
ma...
2019 Sep 04
4
TLS not working with iOS beta?
...rep -v "^#|^$" 10-ssl.conf 10-auth.conf
10-ssl.conf:ssl = required
10-ssl.conf:ssl_cert = </path/to/fullchain.pem
10-ssl.conf:ssl_key = </path/to/privkey.pem
10-ssl.conf:ssl_dh = </path/to/dh.pem
10-ssl.conf:ssl_min_protocol = TLSv1.1
10-ssl.conf:ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
10-auth.conf:disable_plaintext_auth = yes
10-auth.conf:auth_mechanisms = login
10-auth.conf:!include auth-system.conf.ext
# dovecot --version
2.3.7.2 (3c910f64b)
Anyone seeing something similar and/or have suggestions on h...
2019 Sep 04
0
TLS not working with iOS beta?
...l.conf 10-auth.conf
> 10-ssl.conf:ssl = required
> 10-ssl.conf:ssl_cert = </path/to/fullchain.pem
> 10-ssl.conf:ssl_key = </path/to/privkey.pem
> 10-ssl.conf:ssl_dh = </path/to/dh.pem
> 10-ssl.conf:ssl_min_protocol = TLSv1.1
> 10-ssl.conf:ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> 10-auth.conf:disable_plaintext_auth = yes
> 10-auth.conf:auth_mechanisms = login
> 10-auth.conf:!include auth-system.conf.ext
>
> # dovecot --version
> 2.3.7.2 (3c910f64b)
Just a wild guess as I didn?t...
2019 Sep 04
2
Different passdb backends for different services
...e quota-warning {
executable = script /usr/local/bin/quota-warning.sh
extra_groups = mail
unix_listener quota-warning {
group = vmail
mode = 0600
user = vmail
}
user = vmail
}
ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
ssl_client_key = # hidden, use -P to show it
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_pr...
2023 Mar 15
1
Bug with lmtp_save_to_detail_mailbox
> On 15/03/2023 13:12 EET Dejan <me at dejanstrbac.com> wrote:
>
>
> > lmtp_save_to_detail_mailbox = yes
>
> Plus-delivery conflicts with existing, reserved files such as
> "subscriptions":
>
> Message for kim+subscriptions@ results in:
>
> lmtp(kim@***.com)<14493><SK7sEvaHEWSdOAAAvAYmHA>: Error:
>
2019 Sep 04
3
Different passdb backends for different services
> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote:
>>
>> passdb {
>> args = /etc/dovecot/master-users
>> driver = passwd-file
>> master = yes
>> pass = yes
>> }
>> passdb {
>> args = /etc/dovecot/dovecot-ldap.conf.ext
>> driver = ldap
>> }
>>
...
>> protocol sieve {
>> passdb
2019 Sep 04
0
Different passdb backends for different services
...r/local/bin/quota-warning.sh
> extra_groups = mail
> unix_listener quota-warning {
> group = vmail
> mode = 0600
> user = vmail
> }
> user = vmail
> }
> ssl_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> ssl_client_cert = </etc/ssl/mail.roessner-net.de/cert/fullchain.pem
> ssl_client_key = # hidden, use -P to show it
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_...