search for: prime256v1

..." instructions from the Dovecot MailCrypt wiki: > https://wiki.dovecot.org/Plugins/MailCrypt > > " > In order to generate an EC key, you must first choose a curve from the > output of this command: > > openssl ecparam -list_curves > > If you choose the curve prime256v1, generate and EC key with the command: > > openssl ecparam -name prime256v1 -genkey | openssl pkey -out > ecprivkey.pem > > Then generate a public key out of your private EC key > > openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem > " > > -Dave I'...

...r: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher Downgrading from 2.2.27 resolves, error still persists in 2.2.28. I'm using openssl 1.1.0.f and an ec cert/key with the following curve. ASN1 OID: prime256v1 NIST CURVE: P-256 Does anyone know anything about this off the top of their head? If not I'll try to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits later on this week. -- Matt Pallissard

> On 11 April 2019 00:49 David Salisbury via dovecot <dovecot at dovecot.org> wrote: > > > >>> > >> Yes. I gave it a try here, and it seems to work. Does it give any extra > >> information if you include -i flag? > >> > >> Aki > >> > > > > Yes, I had tried that, and it doesn't give much extra information, at

...e a champ, but some of our administrative operations require access to Maildir messages in plaintext. I've found numerous threads detailing help with mail_crypt setup, but none of my research has yielded a method of decrypting the stored messages. Relevant plugin config: mail_crypt_curve = prime256v1 mail_crypt_global_private_key = <pirvkey> mail_crypt_global_public_key = <pubkey> mail_crypt_save_version = 2 Method I attempted for manual decryption is listed below: openssl pkeyutl -derive -inkey mailcrypt.key -peerkey mailcrypt.pub -out shared_secret.bin openssl enc -aes256...

...> Aki, I just used the "EC key" instructions from the Dovecot MailCrypt wiki: https://wiki.dovecot.org/Plugins/MailCrypt " In order to generate an EC key, you must first choose a curve from the output of this command: > openssl ecparam -list_curves If you choose the curve prime256v1, generate and EC key with the command: > openssl ecparam -name prime256v1 -genkey | openssl pkey -out ecprivkey.pem Then generate a public key out of your private EC key > openssl pkey -in ecprivkey.pem -pubout -out ecpubkey.pem " -Dave

Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey,

...ockquote type="cite"> <div> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 </div> </blockquote> <blockquote type="cite"> <div> using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. </div> </blockquote> <blockquote type="cite"> <div> Aki Tuomi </div> <div> Open-Xchange Oy </div> </blockquo...

...---END CERTIFICATE----- > > > I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. Aki Tuomi Open-Xchange Oy

...config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key = <ecprivkey.pem mail_crypt_global_public_key = <ecpubkey.pem mail_crypt_save_version = 2 } also this one: plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 } but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas? -- Kind Regards, Support Team SERVERIA.COM Riga, LV-1063, Latvia US: +1 (213) 224-7938 LV: + (371) 22330032 Skype: bighostlv support at serve...

...SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. > > > > I'm using openssl 1.1.0.f and an ec cert/key with the following curve. > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > > > > > Does anyone know anything about this off the top of their head? If not I'll try to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits later on this week. > > > > That would indicate a problem with c...

> I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. > > I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 > > using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. > > Aki Tuomi > Open-Xchange Oy Which openssl version you are using? This end it is OpenSSL 1.1.0h. There are no issues creating private keys, issuing csr, signing certs with that particular c...

...l/sieve/global/learn-spam.sieve imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_name = Spam imapsieve_mailbox2_before = file:/var/mail/sieve/global/learn-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Spam imapsieve_mailbox2_name = * mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 quota = maildir:User quota quota_exceeded_message = Benutzer %u hat das Speichervolumen ?berschritten. / User %u has exhausted allowed storage space. sieve = file:/var/mail/sieve/%d/%n/scripts;active=/var/mail/sieve/%d/%n/active-script.sieve sieve_before =...

Hi Team, I have enabled LDAP authentication with webmail client and it works successfully. But I found an error with LDAP user's mail. Email is not loaded when I log with an LDAP user. Login phase is successful and mail box is the issue. I created a mail user without including LDAP and that user works fine. Issue comes only with LDAP users. *Anushka Bandara* Research Engineer Lanka Software

...vate EC key file. Otherwise fall back to the NIST P-384 (secp384r1) curve to be compliant with RFC 6460 when AES-256 TLS cipher suites are in use. This fall back option does however make Dovecot non-compliant with RFC 6460 which requires curve NIST P-256 (prime256v1) be used when AES-128 TLS cipher suites are in use. At least the non-compliance is in the form of providing too much security rather than too little. */ nid = ssl_proxy_ctx_get_pkey_ec_curve_name(set); ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == N...

...ror from doveadm when upgrading from 2.2.27 to 2.2.29. > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I'm using a cert/key with the following curve. ASN1 OID: prime256v1 NIST CURVE: P-256 Downgrading to 2.2.27 resolves the issue. Does anyone know about this off the top of their head? If not I'll try to git-bisect 2.2.27->2.2.28 for any offending commits later on this week. -- Matt Pallissard

...nnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher > > Downgrading from 2.2.27 resolves, error still persists in 2.2.28. > > I'm using openssl 1.1.0.f and an ec cert/key with the following curve. > ASN1 OID: prime256v1 > NIST CURVE: P-256 > > > Does anyone know anything about this off the top of their head? If not I'll try to git-bisect 2.2.27 -> 2.2.28 and see if I can find any offending commits later on this week. > That would indicate a problem with cipher lists. What are you doing tha...

...ing and it seems that you are using a curve >>> that is not acceptable for openssl as a server key. >>> I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem >>> -port 5555 >>> using cert generated with brainpool. Everything works if I use >>> prime256v1 or secp521r1. This is a limitation in OpenSSL and not >>> something we can really do anything about. >>> Aki Tuomi >>> Open-Xchange Oy >> Which openssl version you are using? This end it is OpenSSL 1.1.0h. >> There are no issues creating private keys, issuing...

...y to use Mailcrypt encrypted user keys with conjustion with dbsync replication(Dovecot 2.3.6 in FreeBSD 12.0 enviroment) but was unsuccessful. If I provide a password in mail_crypt_private_password variable directly in Dovecot config all things works as expected plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 mail_crypt_require_encrypted_user_key = yes mail_crypt_private_password = 12345 } but when I remove this and trying to get the same user password in password_query it seems password doesn't assigned password_query = SELECT username AS user, passwor...

...config: mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_plugins = $mail_plugins mail_crypt plugin { mail_crypt_global_private_key = <ecprivkey.pem mail_crypt_global_public_key = <ecpubkey.pem mail_crypt_save_version = 2 } also this one: plugin { mail_crypt_curve = prime256v1 mail_crypt_save_version = 2 } but to no avail. There are no visible errors, Dovecot restarts fine and outgoing emails get encrypted. Any ideas? -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20191001/a3cb4...

...send shortened duration DTMF tones. (Reported by Richard Mudgett) * ASTERISK-25312 - res_http_websocket: Terminate connection on fatal cases (Reported by Joshua Colp) * ASTERISK-25265 - [patch]DTLS Failure when calling WebRTC-peer on Firefox 39 - add ECDH support and fallback to prime256v1 (Reported by Stefan Engstr??m) Improvements made in this release: ----------------------------------- * ASTERISK-25310 - [patch]on FreeBSD also pthread_attr_init() defaults to PTHREAD_EXPLICIT_SCHED (Reported by Guido Falsi) For a full list of changes in this release, please see the...