search for: no_ticket

Hello! I have a very minor bug to report. The ssl_options configuration directive takes a space-separated list of options, each of which must be in the set {?no_compression?, ?no_ticket?}, according to the 2.2.25 source code. However, the file doc/example-config/conf.d/10-ssl.conf shipped in the tarball only mentions the ?no_compression? option; it makes no mention of the ?no_ticket? option. Oh, and by the way, the changelog <http://dovecot.org/doc/NEWS> linked from the dow...

...th Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? Mine is currently... ssl_ca = </etc/ssl/certs/ca-certificates.crt ssl_cert = </etc/ssl/example.com/fullchain.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_options = no_compression no_ticket ssl_prefer_server_ciphers = yes I have commented out ssl_cipher_list, ssl_min_protocol and others to get back to whatever the defaults are so I am not simply guessing what the optimal settings would be to cover Win7 and up. Yes I know Win7 is no longer supported but that does not help the 100s of...

...s = no # Prefer the server's order of ciphers over client's. #ssl_prefer_server_ciphers = no # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = # SSL extra options. Currently supported options are: # no_compression - Disable compression. # no_ticket - Disable SSL session tickets. #ssl_options = =========================== # openssl x509 -dates -in mydomain.com.crt notBefore=Nov 11 16:31:35 2020 GMT notAfter=Nov 11 16:31:35 2022 GMT -----BEGIN CERTIFICATE----- : =========================== # openssl pkey -in mydomain.com.key ----...

...error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher When I setup in postfix main.cf file (other lines default): tls_ssl_options = no_ticket, no_compression tls_preempt_cipherlist = yes smtpd_sasl_security_options=noanonymous,noplaintext smtpd_sasl_tls_security_options=noanonymous,noplaintext smtpd_tls_mandatory_ciphers = high smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem #instead of below I tried smtpd_tls_mandatory_exclude_cip...

....20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date.sent/received/saved.unixtime...

....20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date.sent/received/saved.unixtime...

...imap-login: Error: SSL: Stacked error: > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > This means your client did not support your enabled ciphers. > > > > > When I setup in postfix main.cf file (other lines default): > > tls_ssl_options = no_ticket, no_compression > > tls_preempt_cipherlist = yes > > smtpd_sasl_security_options=noanonymous,noplaintext > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > smtpd_tls_mandatory_ciphers = high > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > &g...

...http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date.sent/received/saved.unixtime...

...http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date.sent/received/saved.unixtime...

...n 03.12.2015 14:51, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig > > v2.2.20 probably will be released tomorrow or maybe during weekend. > > + ssl_options: Added support for no_ticket > Hello TImo, great to see that inseucre session tickets (violating PFS) can be disabled. Is it possible to configure the secure session caching mechanism? e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx Thnx. Ciao, Gerhard

...s.crt </div> <div> ssl_cert = </etc/ssl/example.com/fullchain.pem </div> <div> ssl_dh = # hidden, use -P to show it </div> <div> ssl_key = # hidden, use -P to show it </div> <div> ssl_options = no_compression no_ticket </div> <div> ssl_prefer_server_ciphers = yes </div> <div> <br> </div> <div> I have commented out ssl_cipher_list, ssl_min_protocol and others to </div> <div> get back to whatever the defaults are so I am n...

...se ? >> >> Mine is currently... >> >> ssl_ca = </etc/ssl/certs/ca-certificates.crt >> ssl_cert = </etc/ssl/example.com/fullchain.pem >> ssl_dh = # hidden, use -P to show it >> ssl_key = # hidden, use -P to show it >> ssl_options = no_compression no_ticket >> ssl_prefer_server_ciphers = yes >> >> I have commented out ssl_cipher_list, ssl_min_protocol and others to >> get back to whatever the defaults are so I am not simply guessing what >> the optimal settings would be to cover Win7 and up. >> >> Yes I know W...

...AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA ssl_client_ca_dir = /etc/ssl/certs ssl_curve_list = X25519:P-256 ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_compression, no_ticket ssl_prefer_server_ciphers = yes userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = quota old_stats notify replication listescape sieve } protocol imap { imap_metadata = yes mail_max_userip_connections = 25 mail_plugins = quota old_stats notif...

...0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > > > > > This means your client did not support your enabled ciphers. > > > > > > > > > > > When I setup in postfix main.cf file (other lines default): > > > > tls_ssl_options = no_ticket, no_compression > > > > tls_preempt_cipherlist = yes > > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > > smtpd_tls_mandatory_ciphers = high > > > > smtpd_tls_d...

...> > #ssl_prefer_server_ciphers = no > > # SSL crypto device to use, for valid values run "openssl engine" > > #ssl_crypto_device = > > > > # SSL extra options. Currently supported options are: > > # no_compression - Disable compression. > > # no_ticket - Disable SSL session tickets. > > #ssl_options = > > > > =========================== > > # openssl x509 -dates -in mydomain.com.crt > > notBefore=Nov 11 16:31:35 2020 GMT > > notAfter=Nov 11 16:31:35 2022 GMT > > -----BEGIN CERTIFICATE----- > >...

...user = vmail } user = vmail } ssl = required ssl_cert = </usr/local/etc/ssl/acme.sh/example.com/fullchain.crt ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_curve_list = P-256 ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_ticket ssl_prefer_server_ciphers = yes userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_fsync = optimized mail_plugins = acl fts fts_lucene mail_log notify quota trash virtual welcome zlib mail_crypt sieve } protocol lda { mail_fsync = optimized m...

...r 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher This means your client did not support your enabled ciphers. > > When I setup in postfix main.cf file (other lines default): > tls_ssl_options = no_ticket, no_compression > tls_preempt_cipherlist = yes > smtpd_sasl_security_options=noanonymous,noplaintext > smtpd_sasl_tls_security_options=noanonymous,noplaintext > smtpd_tls_mandatory_ciphers = high > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > #instead of below I tried s...

...r > >> > > > >> > > This means your client did not support your enabled ciphers. > >> > > > >> > > > > >> > > > When I setup in postfix main.cf file (other lines default): > >> > > > tls_ssl_options = no_ticket, no_compression > >> > > > tls_preempt_cipherlist = yes > >> > > > smtpd_sasl_security_options=noanonymous,noplaintext > >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > >> > > > smtpd_tls_mandatory_ciphers =...

...vhostname } user = vhostname } ssl = required ssl_cert = </usr/local/etc/ssl/acme.sh/example.com/fullchain.crt ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM ssl_curve_list = P-256 ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_ticket ssl_prefer_server_ciphers = yes userdb { args = /usr/local/etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { hostname_fsync = optimized hostname_plugins = acl fts fts_lucene hostname_log notify quota trash virtual welcome zlib hostname_crypt sieve } protocol lda { hostname_f...

...or: > > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > > > This means your client did not support your enabled ciphers. > > > > > > > > When I setup in postfix main.cf file (other lines default): > > > tls_ssl_options = no_ticket, no_compression > > > tls_preempt_cipherlist = yes > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > smtpd_tls_mandatory_ciphers = high > > > smtpd_tls_dh1024_param_file = /etc/p...