search for: renegotiating

Hello. I've just tested my system that runs dovecot 2.3.4.1 on debian buster with testssl.sh (https://testssl.sh/) and is says: Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat Is this a configuration or a compilation issue and how to solve it? -- sergio.

hai, As far as i know, no. Unless you are forceing all clients to use SSLv2 only (since that doesn't support renegotiation). Are you sure you want to disable it and not just prevent old clients from using the vulnerable renegotiation methods? If it's the last you'll need to upgrade to 2.8+ to get access to tls_disable_workarounds. you have 2 problems. - One is the vulnerable

On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can

On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3

<div style="font:14px/1.5 'Lucida Grande', '微软雅黑';color:#333;"><p style="line-height: 1.5; margin: 0px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif !important;">Hi All,</p><p style="line-height: 1.5; margin: 0px; font-family: 'Lucida Grande', 'Lucida Sans Unicode', sans-serif

Hello, I don't know who will read this message, but I found this thread: https://www.mail-archive.com/search?l=dovecot at dovecot.org&q=subject:%22Dovecot+2.3.0+TLS%22&o=newest And I'm expected the same issue, I will try to explain to you (english is not my native language, sorry) Since Buster update, so Dovecot update too, I'm not able to connect to my mail server from my

...BUG[10107] chan_zap.c: Set option AUDIO MODE, value: OFF(0) on Zap/26-1 [Jan 16 09:18:56] DEBUG[10107] chan_zap.c: Set option AUDIO MODE, value: ON(1) on Zap/3-1 [Jan 16 09:20:24] DEBUG[8430] chan_zap.c: Ring requested on channel 0/23 already in use or previously requested on span 2. Attempting to renegotiating chann el. [Jan 16 09:20:24] DEBUG[8430] chan_zap.c: Found empty available channel 0/21 [Jan 16 09:22:24] DEBUG[8430] chan_zap.c: Ring requested on channel 0/23 already in use or previously requested on span 2. Attempting to renegotiating chann el. [Jan 16 09:22:24] DEBUG[8430] chan_zap.c: Found em...

...The MITM may then inject some data of its choice (say, the start of a HTTP request) before it initiates a regenotiation with the server and proxies the real client's negotiation to the server. The real client thinks it is negotiating for the first time, but the real server thinks the client is renegotiating. Once the negotiation is complete, thereal client and server continue the connection (proxied via the MITM) oblivious to the fact that the MITM has injected data. In SSH, the first key exchange generates a "session identifier" in addition to a key. This session identifier is used in the...

Hi all, i read about the TLS-RENEGOTIATION vulnerability: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf Does the Asterisk 1.6/1.8 SIP/TLS implementation suffer from the TLS Renegotiation vulnerability or the TLS-renegotiation it's disabled by default, in how OpenSSL is used? Fabio Pietrosanti

>>>>>> facing [ no shared cipher ] error with EC private keys. >>>>> the client connecting to your instance has to support ecdsa >>>>> >>>>> >>>> It does - Thunderbird 60.0b10 (64-bit) >>>> >>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >>>> >>>> It seems there is

Hi All, Sorry for disturbing you if the issues has been discussed earlier but I cannot find clear explanation of my problem. Tracing the tinc logs (a debug level) I have found that the MTU value of the connection is determined and chosen at the beginning of the tunnel setup. My question is following: is the MTU value renegotiated / rechecked after the tunnel is established? The question

>>>> facing [ no shared cipher ] error with EC private keys. >>> the client connecting to your instance has to support ecdsa >>> >>> >> It does - Thunderbird 60.0b10 (64-bit) >> >> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >> >> It seems there is a difference between the private key (rsa vs. ecc -> >>

This patch exports a new virtio core function: virtio_block_feature. The function should be called during a virtio driver probe. If a virtio driver blocks features during probe and fails probe, virtio core will reset the device, try to re-negotiate the new features and probe again. Signed-off-by: Alvaro Karsz <alvaro.karsz at solid-run.com> --- drivers/virtio/virtio.c | 73

Dear colleagues, experimenting with new amd64-based router we found strange re(4) behaviour when working in autoselect media mode: whenever promisc mode turned on, renegotiating occurs, leading to 3 to 45 (depending on STP settings on the switch) network unavailability. Moreover, some other re(4) setting changes seem to disturb link state unneededly (such as ifconfig re0 -vlanhwtag) The most annoying fact is that we non-autonegotiating mode with our re and D-Link gigab...

...s resumed the features are renegotiated with the backend. However, I forgot take into account the status of the TX checksum setting. When TX checksum is disabled by the user, we cannot enable SG or TSO since both require checksum offload. This patch makes xennet check the checksum setting before renegotiating SG or TSO. This bug was fixed thanks to a report from Anton Burtsev. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~her...

Hello, I was reading about secure Dialect negotiation to prevent man-in-middle to downgrade dialects & capabilities. _https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/_ I wanted to ask, is there any option to disable SMB2 to do dialect renegotiation as present in Windows8 clients, as they can control using RequireSecureNegotiate. -- Thanks Amit

On Sun, Apr 30, 2023 at 04:15:16PM +0300, Alvaro Karsz wrote: > This patch exports a new virtio core function: virtio_block_feature. > The function should be called during a virtio driver probe. > > If a virtio driver blocks features during probe and fails probe, virtio > core will reset the device, try to re-negotiate the new features and > probe again. > >

Hi all I have an ADSL modem which reboots when there is a power cut and the inverter (UPS) kicks in. Internet access is down for a duration of 1 to 2 minutes while the modem boots. I have many SSH tunnels and shells active. Due to the default "TCPKeepAlive On" setting, these sessions are terminated almost immediately. I tried the following configuration: sshd_config on server:

>>>>>>> facing [ no shared cipher ] error with EC private keys. >>>>>> the client connecting to your instance has to support ecdsa >>>>>> >>>>>> >>>>> It does - Thunderbird 60.0b10 (64-bit) >>>>> >>>>> [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] >>>>>

One of our clients has a Draytek Vigor 2920- their natted Snom phones behind it are registered to an Asterisk 1.4 server on an external public IP. I've set QOS, bandwidth management and turned off the SIP ALG via telnet but I'm still having some problems with some of the phones losing registration if Asterisk is restarted. I can see the phones sending SIP REGISTER messages, but they