search for: kecdh

Displaying 8 results from an estimated 8 matches for "kecdh".

Did you mean: ecdh
2018 Jan 09
2
openssl question
> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours
2019 Apr 17
2
Problem with mysql backend and SSL ciphers
2019 Apr 18
1
Problem with mysql backend and SSL ciphers
...protocol > name: > > https://mariadb.com/kb/en/library/ssltls-system-variables/#ssl_cipher > > In in other software it's common to have two distinct settings, one > for protocol and one a cipher "pattern". > > Maybe you could try something like this: > > kECDHE+CHACHA20:kECDHE+AESGCM > > ChaCha / Poly and AES GCM are TLS 1.2 + only ciphers. > > This will not include AES CBC which exist with variations in both 1.0 > to 1.2, but if you're security conscious, you probably don't want to > use CBC anyway. > > Or you could match...
2018 Jan 09
0
openssl question
> TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL > routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > our dovecot (2.0.9 on redhat) 10-ssl.conf file we have > > ssl_cipher_list = > kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3 Offhand, I don't know of a fast way to match up client cipher specs and server cipher specs. The hard part is trying to figure out what the client is doing. Maybe you can turn on doveco...
2019 Apr 17
0
Problem with mysql backend and SSL ciphers
...ay the settings excepts a list of ciphers or a protocol name: https://mariadb.com/kb/en/library/ssltls-system-variables/#ssl_cipher In in other software it's common to have two distinct settings, one for protocol and one a cipher "pattern". Maybe you could try something like this: kECDHE+CHACHA20:kECDHE+AESGCM ChaCha / Poly and AES GCM are TLS 1.2 + only ciphers. This will not include AES CBC which exist with variations in both 1.0 to 1.2, but if you're security conscious, you probably don't want to use CBC anyway. Or you could match just 1.2 versions with - I think - A...
2016 Oct 27
2
Bugreport: managesieve-login won't start without a ssl-key
...vate/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 ssl = yes } } ssl = required ssl_cert = </etc/ssl/private/imap.toppoint.de.crt ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES ssl_dh_parameters_length = 2048 ssl_key = </etc/ssl/private/imap.toppoint.de.pem ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv3 !SSLv2 userdb { driver = passwd } protocol lmtp { mail_plugins = sieve } protocol imap { ssl_cert = </...
2019 Mar 10
5
Delayed flags changes over IDLE
Hello, I'm experiencing slow flags changes over IMAP IDLE: - If I start an IDLE session / command - Change the flags of some messages via another email app - Dovecot can take a minute or more to notify the IDLE connection about flags changes If I use another email app to add or remove a message, Dovecot sends that (EXISTS / EXPUNGE) instantly and also flushes the (so far delayed) flags
2016 Oct 28
0
Bugreport: managesieve-login won't start without a ssl-key
...anageSieve with TLS from the start. It doesn't exist by the standard. ManageSieve only uses the STARTTLS command. Leave out the ssl=yes here. > } > ssl = required > ssl_cert = </etc/ssl/private/imap.toppoint.de.crt > ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES > ssl_dh_parameters_length = 2048 > ssl_key = </etc/ssl/private/imap.toppoint.de.pem > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv3 !SSLv2 > userdb { > driver = passwd > } > protocol lmtp { > mail_plugins...