search for: secrecy

Displaying 20 results from an estimated 106 matches for "secrecy".

2014 Dec 18
2
CentOS 6 - httpd 2.2.29
..._________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos Hi Alex, In this situation 2.2.29 actually does offer an advantage over CentOS version 2.2.15. The version provided by CentOS does not support Forward Secrecy for SSL or TLS 1.2. Version 2.2.24+ of upstream Apache includes patches which enable both Forward Secrecy and TLS 1.2. Now that C6's OpenSSL can also support both TLS 1.2, and Forward Secrecy, upgrading Apache slightly to be able to use both of those is a very viable option. Although, in my...
2013 Oct 15
0
"Perfect Forward Secrecy" on Redhat/Fedora
RHEL/CentOS 6.5 will support ECDHE Fedora currently makes the turnaround no wonder that I burned down many hours: https://bugzilla.redhat.com/show_bug.cgi?id=1019390 https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 ______________________________ recent dovecot with also support older clients but prefer best possible encryption for modern ones ssl_prefer_server_ciphers = yes
2007 Oct 16
1
CALEA enforcement guidelines according to Comcast
Sounds like Comcast's manual for CALEA compliance was leaked. Pretty interesting read if you are curious: http://www.fas.org/blog/secrecy/ Direct link (PDF): http://www.fas.org/blog/secrecy/docs/handbook.pdf -- Kristian Kielhofner
2013 Aug 14
3
force ciphers order for clients
Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail (if no ECDHE is possible, by missing openssl 1.x etc, seems that apple mail tries ECDHE first, if fails it's going to use RSA-AES128-SHA) force solution as tried ssl_cipher_list = DHE-RSA-...
2018 Dec 19
1
How to configure Dovecot to disable NIST's curves and still retain EECDH?
I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks [1], in some quarters there is a general distrust of NIST's curves and any of their other cryptographic primitives after the Dual EC DRBG debacle. From what I can tell, the following will pre...
2014 Dec 18
0
CentOS 6 - httpd 2.2.29
On Thu, December 18, 2014 00:31, Jake Shipton wrote: > > Hi Alex, > > In this situation 2.2.29 actually does offer an advantage over CentOS > version 2.2.15. > > The version provided by CentOS does not support Forward Secrecy for SSL > or TLS 1.2. > > Version 2.2.24+ of upstream Apache includes patches which enable both > Forward Secrecy and TLS 1.2. > > Now that C6's OpenSSL can also support both TLS 1.2, and Forward > Secrecy, upgrading Apache slightly to be able to use both of those is a >...
2014 Dec 16
2
CentOS 6 - httpd 2.2.29
On 15.12.2014 12:50, Steve Clark wrote: > On 12/15/2014 05:51 AM, For at ll wrote: >> Hi >> >> I had a two repo for cento6 where I can download httpd 2.2.29, >> (baseurl=http://centos.alt.ru/repository/centos/6/$basearch/) and >> baseurl=http://mirror.fserver.ru/centos-repo/6/$basearch >> >> For now this repo is not active, any other repo have 2.2.29
2015 Dec 06
2
v2.2.20 release candidate released
On 05 Dec 2015, at 11:32, Gerhard Wiesinger <lists at wiesinger.com> wrote: > > Is it possible to configure the secure session caching mechanism? > e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx I remember hearing about various security vulnerabilities in that earlier.. I guess they're fixed now then, unless people find more ways to exploit it. Anyway
2016 Oct 05
2
Ast 13.10 to 13.11 stop working webrtc
...smissions). is there any way to configure to have the previous behaviour? I'm trying to set dtlscipher=AES128-SHA but I always see DTLS ECDH initialized (automatic), faster PFS enabled any idea? Thanks! res_rtp_asterisk ------------------ * The DTLS part in Asterisk now supports Perfect Forward Secrecy (PFS). Enabling PFS is attempted by default, and is dependent on the configuration of the module using TLS. - Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not specify a ECDHE cipher suite in sip.conf, for example: dtlscipher=AES128-SHA - Ephemeral DH (DHE) is disabled by default....
2014 Dec 02
2
disabling certain ciphers
...d it to the config? likely > not! Configuration management. :) Also, no, you need to do more than just disable SSLv3. You need to disable several cipher groups allowed in TLSv1.0 and TLSv1.1, bump up the DH parameter size, and, if your client base allows it, only allow ciphers with forward secrecy.
2004 Aug 06
2
[Re: icecast2 ??]
...nywhere_ where one would expect to find it. By this I mean locations like icecast.org, freshmeat.net, etc. I wonder how people start to hear about icecast2. But when they do, the _only_ way to find the actual software is to come to this list and ask. Is this any good? Is there a reason for such secrecy? > > >>>I never said that it's a final release, I said "alpha release". It's not >> >>Then how is it a replacement for icecast1? How is a fully released >>icecast1 obsoleted by an alpha release? > > > Who said Icecast2 is a replacemen...
2018 Nov 14
3
different TLS protocols on different ports
On Wed, 14 Nov 2018, Aki Tuomi wrote: >> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So >> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >> enable TLS1.2 and TLS1.3 only. >> >> Is this possible with dovecot-2.2.36 / how to setup this? > > Not possible I'm afraid. ("Not possible" = challenge!)
2015 Feb 06
2
TLS config check
...uld tell me if my config is super secure? I run the following email clients: K9 on Android 4.4.2 Thunderbird 31.4 Outlook 2010 I'm interested to know if the config I have is secure and that my cipher list is acceptable. I'm also keen to hear thoughts on my config in respect of Forward Secrecy and the SSLv3/POODLE attack. Thanks!
2009 Apr 01
2
bzero() before free()
...ent T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023 E miguel.sanders at arcelormittal.com www.arcelormittal.com/gent **** This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected by professional secrecy or intellectual property rights. If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is pr...
2013 Sep 10
2
dovecot and PFS
Hi Is there any known advice on how to favor PFS with dovecot? In Apache, I use the following directives, which cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2012 May 22
3
SSD erase state and reducing SSD wear
I've got two recent examples of SSDs. Their pristine state from the manufacturer shows: Device Model: OCZ-VERTEX3 # hexdump -C /dev/sdd 00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| * 1bf2976000 Device Model: OCZ VERTEX PLUS (OCZ VERTEX 2E) # hexdump -C /dev/sdd 00000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................| *
2000 Feb 24
1
Making password driven SSH 'immune' to MTM attacks.
...ed I'd get this out. This belongs on sci.crypt or a general OpenSSH mailing list] First, a quick rehash of stuff everyone here already knows, OpenSSH can use two major forms of authentication: 1. Password 2. RSA keys The RSA method is good because it doesn't rely on the (frequently non)secrecy of passwords. Its primary disadvantage is that using it correctly requires a PKI of some form (be it x.509 certs, GPG signed copies, manual key population) to be secure. Considering the complexity, cost, and lack of standardization, *most* orgs are not and will not be using RSA keys anytim...
2012 Nov 14
1
[olug] TINC
...12/07/29/cracking-ms-chap-v2/ . Make sure IPsec is used with certificates instead. tinc is an educational project sponsored by a university aiming to grow awareness of encryption over the public internet. It does not have a marketing department. Criticism is welcome. Think of Schneier *"Secrecy and security aren't the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public."* <https://en.wikipedia.org/wiki/Bruce_Schneier#cite_note-20> tinc like much security software can have 'Encryption...
2010 Nov 26
1
Snapshot fail, when snapshot a vm the second time. (already update to xen-4.0.1 and kernel-2.6.32.25)
...) Thanks a lot. John -------------------------------------------------------- ZTE Information Security Notice: The information contained in this mail is solely property of the sender's organization. This mail communication is confidential. Recipients named above are obligated to maintain secrecy and are not permitted to disclose the contents of this communication to others. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator...
2010 Nov 26
1
Snapshot fail, when snapshot a vm the second time. (already update to xen-4.0.1 and kernel-2.6.32.25)
...) Thanks a lot. John -------------------------------------------------------- ZTE Information Security Notice: The information contained in this mail is solely property of the sender's organization. This mail communication is confidential. Recipients named above are obligated to maintain secrecy and are not permitted to disclose the contents of this communication to others. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the originator...