search for: minprotocol

hi, On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote: > I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to?Dovecot v2.3.8 on Centos-8 My report is specifically/solely about the addition/use of the Options = ServerPreference parameter. I don't see that in your configuration. Are you using it? In a config using Dovecot's submission proxy?

...works try tuning cipherlists to more secure value. > > --- > Aki Tuomi Since you mention the newest Ubuntu version, it may (most likely) be necessary to enable TLS 1.0 / 1.1 in openssl as well. I ran into this with Debian 10 some time ago. /etc/ssl/openssl.conf [system_default_sect] -MinProtocol = TLSv1.2 +MinProtocol = TLSv1 In terms of Dovecot ciphers config, Windows should be happy with TLS_RSA_WITH_3DES_EDE_CBC_SHA which is less broken than the other older ciphers. -- K -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/piperma...

...2. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] MinProtocol = TLSv1.2 Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-...

...SL: where=0x2002, ret=1: SSL negotiation finished successfully pop3-login: Debug: SSL error: Connection closed But as I say, all is working fine from Thunderbird... For the SSL problem this is maybe because GMail doesn't like this configuration in debian for openssl ? [system_default_sect] MinProtocol = TLSv1.2 CipherString = DEFAULT at SECLEVEL=2 Maybe should I try to set MinProtocol = None CipherString = DEFAULT But this make a lot of security change on my opinion... Do someone have any tips or suggestion about my problem ? Thx Yannick

On Fri, 2 Nov 2018 08:33:56 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > I think he also forgot to mention this part of kodi and smbclient. > > ( the default of kodi its smbclient ) > .smb/smb.conf > [global] > lock directory = /home/username/.kodi/.smb/ > name resolve order = bcast host >

...ial section that invokes several new sections later: In the initial section I added: ??? openssl_conf = default_conf Then at the bottom of the file I added: ??? [default_conf] ??? ssl_conf = ssl_sect ??? [ssl_sect] ??? system_default = system_default_sect ??? [system_default_sect] ??? MinProtocol = TLSv1 ??? CipherString = DEFAULT at SECLEVEL=1 There is an alternative approach that I have read of but not tested.? Basically you can create a new file elsewhere with the customized content, and then set an environmental variable (OPENSSL_CONF) just before launching Dovecot that points to y...

I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. A few months ago there was an update to all these systems and since then I've had to talk W7 and old Mac clients through disabling ports 993/995 with TLS enabled back to ports 143/110 without SSL or they could not pick up email. Thunderbird users (ie; me) were unaffected. Could anyone share a set of port 993/995 SSL

|Dear all,| |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x. | |Since then, some older versions of apple's mail.app (bundled with el Capitano, released in 2016) no longer connect. When I turn on SSL debugging, I see:| |Debug: SSL error: SSL_accept() failed: error:14209102:SSL

...ack-ends/opensslcnf.config : CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 MinProtocol = *TLSv1.1* MaxProtocol = TLSv1.3 Regards Le jeu. 1 oct. 2020 ? 17:29, PGNet Dev <pgnet.dev at gmail.com> a ?crit : > hi, > > On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote: > > I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 > to Dovecot v2.3.8 on...

...t kodi 18 has some setting now in /home/kodi/.kodi/userdata/guisettings.xml <setting id="smb.legacysecurity" default="true">false</setting> <setting id="smb.maxprotocol" default="true">3</setting> <setting id="smb.minprotocol" default="true">0</setting> <setting id="smb.winsserver" default="true">0.0.0.0</setting> Its a headless server so in this case im unable to test from within kodi, atm. But Michael count try to to adjust the maxprotocol from within kodi...

...g now > in /home/kodi/.kodi/userdata/guisettings.xml > > <setting id="smb.legacysecurity" default="true">false</setting> > <setting id="smb.maxprotocol" default="true">3</setting> > <setting id="smb.minprotocol" default="true">0</setting> > <setting id="smb.winsserver" default="true">0.0.0.0</setting> > > Its a headless server so in this case im unable to test from within > kodi, atm. But Michael count try to to adjust the maxprotoco...

...r apps' usage, e.g. Postfix etc; Typically, here > > cat /etc/pki/tls/openssl.cnf > > openssl_conf = default_conf > > [default_conf] > ssl_conf = ssl_sect > > [ssl_sect] > system_default = system_default_sect > > [system_default_sect] > MinProtocol = TLSv1.2 > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA...

Actually, I made it work by adding the ?min server protocol = NT1? on the virtual dedicated server. So I guess that this will solve our dilemma (unless I missed something). In any case, one of the robots now have access to the new server. Will try the second one as soon as I get a chance (they are busy bending steel ;:) ) Anders > On 11 Apr 2024, at 14:55, Rowland Penny via samba <samba

...gt; > cat /etc/pki/tls/openssl.cnf > > > > openssl_conf = default_conf > > > > [default_conf] > > ssl_conf = ssl_sect > > > > [ssl_sect] > > system_default = system_default_sect > > > > [system_default_sect] > > MinProtocol = TLSv1.2 > > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > > CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES1...

> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > On 9/22/20 10:51 AM, Aki Tuomi wrote: > >>> > > > > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue. > > I've NO issue with that config/setting with any _other_ app -- whether in general

...uid=%u)(objectclass=person)) ldap filter = (&(uid=%u)(objectCategory=person)(objectClass=user)(sAMAccountName=*)) ldap server = frosty.home.local ldap ssl = on restrict anonymous = 2 ; server signing = mandatory server schannel = yes ; ntlm auth = no ; lm announce = no ; minprotocol = NT1 client schannel = yes ; client signing = mandatory ; client signing = auto client ntlmv2 auth = yes ;;;;;may be broken according to man page, for win2k3 # client use spnego = yes winbind separator = + idmap uid = 10000-11000 idmap gid = 10000-11000 ; disable en...