search for: secreci

On 16/12/14 18:15, Alexander Dalloz wrote: > Am 16.12.2014 um 16:03 schrieb For at ll: >> On 15.12.2014 12:50, Steve Clark wrote: >>> On 12/15/2014 05:51 AM, For at ll wrote: >>>> Hi >>>> >>>> I had a two repo for cento6 where I can download httpd 2.2.29, >>>> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and

RHEL/CentOS 6.5 will support ECDHE Fedora currently makes the turnaround no wonder that i burned down many hours: https://bugzilla.redhat.com/show_bug.cgi?id=1019390 https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 ______________________________ recent dovecot with also support older clients but perfer best possible encryption for modern ones ssl_prefer_server_ciphers = yes

Sounds like Comcast's manual for CALEA compliance was leaked. Pretty interesting read if you are curious: http://www.fas.org/blog/secrecy/ Direct link (PDF): http://www.fas.org/blog/secrecy/docs/handbook.pdf -- Kristian Kielhofner

Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail ( if no ECDHE is possible ,by missing openssl 1.x etc, seems that apple mail tries ECDHE first if fails its going to use RSA-AES128-SHA ) force soltution as tried ssl_cipher_list =

I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks [1], in some quarters there is a general distrust of NIST's curves and any of their other cryptographic primitives after the Dual EC DRBG debacle. >From what I can tell, the following will prevent the use of

On Thu, December 18, 2014 00:31, Jake Shipton wrote: > > Hi Alex, > > In this situation 2.2.29 actually does offer an advantage over CentOS > version 2.2.15. > > The version provided by CentOS does not support Forward Secrecy for SSL > or TLS 1.2. > > Version 2.2.24+ of upstream Apache includes patches which enable both > Forward Secrecy and TLS 1.2. > > Now

On 15.12.2014 12:50, Steve Clark wrote: > On 12/15/2014 05:51 AM, For at ll wrote: >> Hi >> >> I had a two repo for cento6 where I can download httpd 2.2.29, >> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and >> baseurl=http://mirror.fserver.ru/centos-repo/6/$basearch >> >> For now this repo is not active, any other repo have 2.2.29

On 05 Dec 2015, at 11:32, Gerhard Wiesinger <lists at wiesinger.com> wrote: > > Is it possible to configure the secure session caching mechanism? > e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx I remember hearing about various security vulnerabilities in that earlier.. I guess they're fixed now then, unless people find more ways to exploit it. Anyway

>From this change (res_rtp_asterisk): ast 13.10 to 13.11 webrtc JSSIP stop working, failing with chan_sip.c:4083 retrans_pkt: Hanging up call 7238b48c11581d4166b899bf747a05f7 at 130.211.62.184:0 - no reply to our critical packet (see https://wiki.asterisk.org/wiki/display/AST/SIP+Retransmissions). is there any way to configure to have the previous behaviour? Im trying to set

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

gtgbr@gmx.net wrote: > Aaron Gaudio wrote: > >>Where is it released? Telling me I have to set up cvs to download > > > http://www.xiph.org/~msmith/ > > This has been said before. This is no good. This is by far not the first time someone has pointed out, that icecast2 is not mentioned _anywhere_ where one would expect to find it. By this I mean locations like

On Wed, 14 Nov 2018, Aki Tuomi wrote: >> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So >> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >> enable TLS1.2 and TLS1.3 only. >> >> Is this possible with dovecot-2.2.36 / how to setup this? > > Not possible I'm afraid. ("Not possible" = challenge!)

Hi All First the essentials: dovecot --version: 2.2.15 /usr/local/etc/dovecot/conf.d/10-ssl.conf: ssl = required ssl_cert = </usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key ssl_protocols = !SSLv2 !SSLv3 ssl_cipher_list =

Hi guys I've been browsing the code and at many places I found the following odd sequence: char * string=malloc(somesize); ? bzero(string,strlen(string)); free(string); I really don't see why you would zero a string and free the memory immediately afterwards? Any idea why this is done? Thanks! Met vriendelijke groet Best regards Bien ? vous Miguel SANDERS ArcelorMittal Gent UNIX

Hi Is there known advices on how to favor PFS with dovecot? In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10

I''ve got two recent examples of SSDs. Their pristine state from the manufacturer shows: Device Model: OCZ-VERTEX3 # hexdump -C /dev/sdd 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 1bf2976000 Device Model: OCZ VERTEX PLUS (OCZ VERTEX 2E) # hexdump -C /dev/sdd 00000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| *

[I know this is the 'port' list, but I can't find a better place to post this, and with the garbage going on @slashdot I figured I'd get this out. This belongs on sci.crypt or a general OpenSSH mailing list] First, a quick rehash of stuff everyone here already knows, OpenSSH can use two major forms of authentication: 1. Password 2. RSA keys The RSA method is good because it

IPsec Pre Shared Key for enterprise wireless is worse than PPTP according to https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/ . Make sure IPsec is used with certificates instead. tinc is an educational project sponsored by a university aiming to grow awareness of encryption over the public internet. It does not have a marketing department. Criticism is welcome. Think of

Hello, When I snapshot a vm( hvm centos ) the first time, it succeed. There is a snapshot file on disk and the vm is running. But when I do it the second time, it fail for timeout. what''s wrong with it? This error happened when I used xen-4.0.1-rc5 and kernel-2.6.31.13. Today I update to xen-4.0.1 and kernel-2.6.32.25, it is with the same wrong. Error message:

Hello, When I snapshot a vm( hvm centos ) the first time, it succeed. There is a snapshot file on disk and the vm is running. But when I do it the second time, it fail for timeout. what''s wrong with it? This error happened when I used xen-4.0.1-rc5 and kernel-2.6.31.13. Today I update to xen-4.0.1 and kernel-2.6.32.25, it is with the same wrong. Error message: