Displaying 20 results from an estimated 154 matches for "renegoti".
2019 Apr 11
1
Secure Client-Initiated Renegotiation
Hello.
I've just tested my system that runs dovecot 2.3.4.1 on debian buster
with testssl.sh (https://testssl.sh/) and it says:
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential
DoS threat
Is this a configuration or a compilation issue and how to solve it?
--
sergio.
2015 Aug 18
0
SSL Renegotiation Attack "Disabling renegotiation"
hai,
As far as I know, no.
Unless you are forcing all clients to use SSLv2 only (since that doesn't support renegotiation).
Are you sure you want to disable it and not just prevent old clients from
using the vulnerable renegotiation methods? If it's the last
you'll need to upgrade to 2.8+ to get access to tls_disable_workarounds.
You have 2 problems.
- One is the vulnerable methods
- the other is re...
2016 Mar 10
2
Client-initiated secure renegotiation
..., 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>>>
>>> Is it possible to have this possibility through an SSL option or other ?
>>>
>>> Thank you.
>>>
>>> Florent
>> ssl_protocols =...
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote:
> Hi,
>
> I don't see any SSL configuration option in Dovecot to disable
> "Client-initiated secure renegotiation".
>
> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>
> Is it possible to have this possibility through an SSL option or other ?
>
> Thank you.
>
> Florent
ssl_protocols = !SSLv3 !SSLv2
Is that enough?
2014 Jun 04
1
Renegotiate SIP audio codec after call is up
Hi All,
Asterisk from 11.X branch is able to renegotiate an audio codec after a SIP call session has been established (INVITE and 200 OK)?
...
2019 Jul 18
1
Dovecot 2.3.0 TLS
...t
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2322 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993
No client certificate CA names s...
2008 Jan 16
2
Zap Issues
...BUG[10107] chan_zap.c: Set option AUDIO MODE, value: OFF(0) on Zap/26-1
[Jan 16 09:18:56] DEBUG[10107] chan_zap.c: Set option AUDIO MODE, value: ON(1) on Zap/3-1
[Jan 16 09:20:24] DEBUG[8430] chan_zap.c: Ring requested on channel 0/23 already in use or previously requested on span 2. Attempting to renegotiating channel.
[Jan 16 09:20:24] DEBUG[8430] chan_zap.c: Found empty available channel 0/21
[Jan 16 09:22:24] DEBUG[8430] chan_zap.c: Ring requested on channel 0/23 already in use or previously requested on span 2. Attempting to renegotiating channel.
[Jan 16 09:22:24] DEBUG[8430] chan_zap.c: Fou...
2009 Nov 06
0
SSL vulnerability and SSH
Hi,
This is just a quick note to state that the recently reported SSL/TLS
MITM attack[1] *does not* affect SSH. Like SSL/TLS, SSH supports
key and parameter renegotiation, but it is not vulnerable because a
session identifier is carried over from the first key exchange into all
subsequent key exchanges.
Technical details:
In SSL, key exchanges and subsequent renegotiations are completely
independent. This allows an attack as follows: a MITM intercepts a
conne...
2010 Sep 22
0
TLS re-negotiation attack on SIP/TLS of Asterisk?
Hi all,
I read about the TLS-RENEGOTIATION vulnerability:
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html
www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf
Does the Asterisk 1.6/1.8 SIP/TLS implementation suffer f...
2018 Jul 30
2
2.3.2.1 - EC keys support?
...> write:errno=0
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 309 bytes and written 202 bytes
>> Verification: OK
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>>     Protocol  : TLSv1.2
>>     Cipher    : 0000
>>     Session-ID:
>>     Session-ID-ctx:
>>     Master-Key:
>>     PSK identity: None
...
2013 Dec 10
1
MTU issues
...turbing you if the issue has been discussed earlier but I
cannot find a clear explanation of my problem.
Tracing the tinc logs (at debug level) I have found that the MTU value of
the connection is determined and chosen at the beginning of the tunnel
setup.
My question is the following: is the MTU value renegotiated / rechecked
after the tunnel is established?
The question concerns the following observation.
After successful connection everything is working correctly.
Unfortunately since I am using tunnelling over GPRS media - for some time
the quality of the connection is degraded.
When it happens I am o...
2018 Jul 30
2
2.3.2.1 - EC keys support?
...r is generated with an EC
private key and the [ no shared cipher ] error:
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 309 bytes and written 202 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1532969474
    Timeout...
2023 Apr 30
1
[RFC PATCH net 1/3] virtio: re-negotiate features if probe fails and features are blocked
..._ok(dev);
- if (err)
- goto err;
+ ret = virtio_features_ok(dev);
+exit:
+ return ret;
+}
+
+static int virtio_dev_probe(struct device *_d)
+{
+ int err;
+ struct virtio_device *dev = dev_to_virtio(_d);
+ struct virtio_driver *drv = drv_to_virtio(dev->dev.driver);
+ u64 blocked_features;
+ bool renegotiate = true;
+
+ /* We have a driver! */
+ virtio_add_status(dev, VIRTIO_CONFIG_S_DRIVER);
+
+ /* Store blocked features and attempt to negotiate features & probe.
+ * If the probe fails, we check if the driver has blocked any new features.
+ * If it has, we reset the device and try again with...
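Review bot: the `exit:` label at the end of the new feature-negotiation helper is followed only by `return ret;`, so there is nothing to unwind at that point. Kernel coding style asks for a direct return when no cleanup is needed; any jump to this label could be a plain `return` of the error instead, and the last statement could be `return virtio_features_ok(dev);`, which removes both the label and the extra assignment to `ret`.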
2005 Mar 10
4
re driver troubles (RELENG_5)
Dear colleagues,
experimenting with new amd64-based router we found strange re(4) behaviour
when working in autoselect media mode:
whenever promisc mode turned on, renegotiating occurs, leading to 3 to 45
(depending on STP settings on the switch) network unavailability.
Moreover, some other re(4) setting changes seem to disturb link state
unneededly (such as ifconfig re0 -vlanhwtag)
The most annoying fact is that we non-autonegotiating mode with our re and
D-Link...
2006 Aug 16
3
[NET] front: Fix features on resume when csum is off
Hi Keir:
[NET] front: Fix features on resume when csum is off
When the netfront driver is resumed the features are renegotiated with
the backend. However, I forgot to take into account the status of the TX
checksum setting. When TX checksum is disabled by the user, we cannot
enable SG or TSO since both require checksum offload. This patch makes
xennet check the checksum setting before renegotiating SG or TSO.
This bug...
2017 Apr 20
2
Is FSCTL_VALIDATE_NEGOTIATE_INFO mandatory in samba-4.4 & onwards
Hello,
I was reading about secure Dialect negotiation to prevent man-in-middle
to downgrade dialects & capabilities.
https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/
I wanted to ask, is there any option to disable SMB2 to do dialect
renegotiation as present in Windows8 clients, as they can control using
RequireSecureNegotiate.
--
Thanks
Amit Kumar
2023 Apr 30
1
[RFC PATCH net 1/3] virtio: re-negotiate features if probe fails and features are blocked
...es_ok(dev);
> +exit:
> + return ret;
> +}
> +
> +static int virtio_dev_probe(struct device *_d)
> +{
> + int err;
> + struct virtio_device *dev = dev_to_virtio(_d);
> + struct virtio_driver *drv = drv_to_virtio(dev->dev.driver);
> + u64 blocked_features;
> + bool renegotiate = true;
> +
> + /* We have a driver! */
> + virtio_add_status(dev, VIRTIO_CONFIG_S_DRIVER);
> +
> + /* Store blocked features and attempt to negotiate features & probe.
> + * If the probe fails, we check if the driver has blocked any new features.
> + * If it has, we r...
2010 Aug 02
7
Persistent SSH sessions
...sh client doesn't try to re-establish the session for
the ServerAlive messages to work. The shells remain blocked after the
modem reboots, and after approximately 90*6 seconds, ssh aborts
complaining of timeout with the remote server.
I want to know if there is any way I can get ssh to try to renegotiate
the active sessions to remote servers, without disconnecting them.
Note: Please don't bother suggesting workarounds such as the use of
screen, autossh, etc. I am looking for a specific answer about how to
keep a session alive, or the impossibility of doing that. For example,
autossh resta...
2018 Jul 30
0
2.3.2.1 - EC keys support?
...>> no peer certificate available
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 309 bytes and written 202 bytes
>>> Verification: OK
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> SSL-Session:
>>>     Protocol  : TLSv1.2
>>>     Cipher    : 0000
>>>     Session-ID:
>>>     Session-ID-ctx:
>>>     Master-Ke...
2011 Nov 21
1
vigor 2920 problems
...ever arrive
at the server; this happens in about half of the phones- with no
consistency as to which lose registration.
It looks like the router is swallowing the messages, or there's some kind
of NAT problem. Other clients at other sites are fine.
The problem clears if the phone is rebooted (renegotiates a new nat path?)
Any help warmly appreciated.
John