search for: kecdh

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours

...protocol > name: > > https://mariadb.com/kb/en/library/ssltls-system-variables/#ssl_cipher > > In in other software it's common to have two distinct settings, one > for protocol and one a cipher "pattern". > > Maybe you could try something like this: > > kECDHE+CHACHA20:kECDHE+AESGCM > > ChaCha / Poly and AES GCM are TLS 1.2 + only ciphers. > > This will not include AES CBC which exist with variations in both 1.0 > to 1.2, but if you're security conscious, you probably don't want to > use CBC anyway. > > Or you could match...

> TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL > routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > our dovecot (2.0.9 on redhat) 10-ssl.conf file we have > > ssl_cipher_list = > kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES:!SSLv3 Offhand, I don't know of a fast way to match up client cipher specs and server cipher specs. The hard part is trying to figure out what the client is doing. Maybe you can turn on doveco...

...ay the settings excepts a list of ciphers or a protocol name: https://mariadb.com/kb/en/library/ssltls-system-variables/#ssl_cipher In in other software it's common to have two distinct settings, one for protocol and one a cipher "pattern". Maybe you could try something like this: kECDHE+CHACHA20:kECDHE+AESGCM ChaCha / Poly and AES GCM are TLS 1.2 + only ciphers. This will not include AES CBC which exist with variations in both 1.0 to 1.2, but if you're security conscious, you probably don't want to use CBC anyway. Or you could match just 1.2 versions with - I think - A...

...vate/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service managesieve-login { inet_listener sieve { port = 4190 ssl = yes } } ssl = required ssl_cert = </etc/ssl/private/imap.toppoint.de.crt ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES ssl_dh_parameters_length = 2048 ssl_key = </etc/ssl/private/imap.toppoint.de.pem ssl_prefer_server_ciphers = yes ssl_protocols = !SSLv3 !SSLv2 userdb { driver = passwd } protocol lmtp { mail_plugins = sieve } protocol imap { ssl_cert = </...

Hello, I'm experiencing slow flags changes over IMAP IDLE: - If I start an IDLE session / command - Change the flags of some messages via another email app - Dovecot can take a minute or more to notify the IDLE connection about flags changes If I use another email app to add or remove a message, Dovecot sends that (EXISTS / EXPUNGE) instantly and also flushes the (so far delayed) flags

...anageSieve with TLS from the start. It doesn't exist by the standard. ManageSieve only uses the STARTTLS command. Leave out the ssl=yes here. > } > ssl = required > ssl_cert = </etc/ssl/private/imap.toppoint.de.crt > ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES > ssl_dh_parameters_length = 2048 > ssl_key = </etc/ssl/private/imap.toppoint.de.pem > ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv3 !SSLv2 > userdb { > driver = passwd > } > protocol lmtp { > mail_plugins...