Displaying 3 results from an estimated 3 matches for "opensslcnf".
Did you mean:
opensslconf
2020 Oct 01
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
hi,
On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote:
> I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to?Dovecot v2.3.8 on Centos-8
My report is specifically/solely about the addition/use of the
Options = ServerPreference
parameter.
I don't see that in your configuration.
Are you using it? In a config using Dovecot's submission proxy?
2020 Oct 01
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...server, it was not necessary using "Options =
ServerPreference" parameter.
My openssl.conf look like that :
openssl_conf = default_modules
[ default_modules ]
ssl_conf = ssl_module
[ ssl_module ]
system_default = crypto_policy
[ crypto_policy ]
*.include /etc/crypto-policies/back-ends/opensslcnf.config*
And /etc/crypto-policies/back-ends/opensslcnf.config :
CipherString =
@SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites =
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_12...
2020 Mar 18
0
crypto-policies / per connection based config
...etworkManager (Gnome UI) that
uses a legacy protocol. Downgrading the policies globally in
/etc/crypto-policies/back-ends (I do it just for one backend) helps
to establish the connection. To protect this workstation I want
to have this config just for this connection (its openssl based that
needs opensslcnf.config adapted) and not for all openssl based services.
Is a per connection based config possible?
Thanks for hints,
Leon