search for: sha

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:...

Dear all, I send you a new email to know what is the progress of SCRAM-SHA-***(-PLUS) supports? Currently there is only SCRAM-SHA-1: https://doc.dovecot.org/configuration_manual/authentication/password_schemes/. - RFC6331: Moving DIGEST-MD5 to Historic: https://tools.ietf.org/html/rfc6331 - RFC5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS...

Hello Stephan, Thanks for the link about SCRAM-SHA-256, good news for this point, hope a merge soon :) I am from this page: https://wiki.dovecot.org/Authentication/PasswordSchemes ^^ The -PLUS variant for all SCRAM is not possible too for have (with other SCRAM): SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS)...

...ently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128 bits DHE-RSA-AES128-SHA Accepted SSLv3 128 bits AES128-SHA Accepted SSLv3 128 bits RC4-SHA Accepted SSLv3 128 bits RC4-MD5 Accepted SSLv3 112 bits EDH-RSA-DES-CBC3-SHA Accepted SSLv3 112 bits DES-...

...n): > > ssl = required > > disable_plaintext_auth = yes #change default 'no' to 'yes' > > ssl_prefer_server_ciphers = yes > > ssl_options = no_compression > > ssl_dh_parameters_length = 2048 > > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > RSA-AES256-SHA...

Hello all, I would like to know if it is possible to add SCRAM-SHA-256 and SCRAM-SHA-512 supports? RFC7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS: Simple Authentication and Security Layer (SASL) Mechanisms https://tools.ietf.org/html/rfc7677 Thanks in advance. Regards, Neustradamus -------------- next part -------------- An HTML attachment was scrubbed... URL:...

I set icecast.xmp: <listen-socket> <port>8000</port> </listen-socket> <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> 8000 work, 8443 not work. If set ssl to port 8000 not work nothing V V sob., 27. jun. 2020 ob 18:13 je oseba Paul Martin <pm at nowster.me.uk> napisala:

...intext_auth = yes #change default 'no' to 'yes' > > > > ssl_prefer_server_ciphers = yes > > > > ssl_options = no_compression > > > > ssl_dh_parameters_length = 2048 > > > > ssl_cipher_list = > > > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > > > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > > > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > > > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > > > SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECD...

...this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:...

...atible, it has to be changed to "ALL:!LOW" (just upercased in this case). IMO, this would be helpful because executing openssl ciphers -v 'all:!low' would not return any cipher, but openssl ciphers -v 'ALL:!LOW' would return the expected cipher list such as ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA...

...se good ssl_cipher_list (https://wiki.mozilla.org/Security/Server_Side_TLS)? My config ## Service options # 10-ssl ssl = yes ssl_cert = </etc/pki/tls/certs/.crt ssl_key = </etc/pki/tls/private/.key ssl_require_crl = no ssl_ca = </etc/pki/tls/cert.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:...

...events at a minimum. >> >> Apologies, I did not see the attachments. Will look on a real screen later. > > Looks like your main problem has ben solved, but I have a couple of comments on your doveconf: > > >> args = scheme=CRYPT > > CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it. Thank you! I actually set this to a better value for each password in the passwd-file explicit, but it seems to...

On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: > IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. Apologies, I did not see the attachments. Will look on a real screen later.

...added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:...

...' to 'yes' > >> > > > ssl_prefer_server_ciphers = yes > >> > > > ssl_options = no_compression > >> > > > ssl_dh_parameters_length = 2048 > >> > > > ssl_cipher_list = > >> > > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >> > > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > >> > > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > >> > > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > >> > > S...

...20-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration [2020-06-28 07:54:24] INFO yp/yp.c YP update thread started [2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:...

...VqRTN10MNTie+S> I can't figure it out.... Any hints? This is my configuration: # 2.2.36 (1f10bfa63): /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.11 # Hostname: imap-front13.mailfarm.interac.it auth_mechanisms = plain login digest-md5 cram-md5 apop scram-sha-1 auth_verbose = yes auth_verbose_passwords = plain auth_worker_max_count = 50 base_dir = /var/run/dovecot/ default_login_user = nobody director_doveadm_port = 9091 director_mail_servers = 192.168.1.142 192.168.1.143 192.168.1.144 192.168.1.145 192.168.1.216 192.168.1.217 192.168.1.218 192.168.1.2...

...gt;>> On 16 December 2018 at 10:27 Tributh via dovecot <dovecot at dovecot.org> wrote: >>> >>> >>> Hi, >>> is that here the right place to make feature requests? >>> >>> dovecot supports as authentication mechanism >>> SCRAM-SHA-1 from RFC 5802 >>> which was updated to >>> SCRAM-SHA-256 in RFC 7677 >>> >>> Can SCRAM-SHA-256 be added to the authentication mechanisms? >>> >>> I would not like to request, that SCRAM-SHA-1 will be exchanged by >>> SCRAM-SHA-256, si...

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to ssl_protocols = !SSLv3 (the "out of the box" setting). The certificate (ssl_cert = </etc/ssl/certs/certificate_and_key.crt) is...

....com): connect(172.17.1.1, 143) failed: Too many open files (after 0 secs): user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, session=<FgPWTWhXa8dQjLoi> 11:26:17 imap-login: Error: socketpair() failed: Too many open files 11:26:17 imap-login: Error: proxy: SSL handshake failed to 172.17.1.1:143: user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, session=<HALWTWhXasdQjLoi> 11:26:17 imap-login: Error: socket() failed: Too many open files 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1, 143) failed: Too m...