search for: sha256

...about two weeks, and the 7.1-RC1 builds a week after that. Checksums for the ISOs: ------------ MD5 (6.4-BETA-alpha-bootonly.iso) = 3e222422a6c029b8b1922dbbfeb4b040 MD5 (6.4-BETA-alpha-disc1.iso) = 94a7df84eaa9111ee34ab849c9211560 MD5 (6.4-BETA-alpha-docs.iso) = 8a4606e35db9c2dc0ae1b6a6ea17eed2 SHA256 (6.4-BETA-alpha-bootonly.iso) = f11dcdf0d8eb549a273ac15ce4b2434a4ac90990565d8bd45f1901b01a818936 SHA256 (6.4-BETA-alpha-disc1.iso) = 244b65286c8c8c6b7270320506eb2fd233f0cf4ca968613384496aa10a706f75 SHA256 (6.4-BETA-alpha-docs.iso) = 49d753dfb3cfd80b137b2b10f34e30799a0765e03561863279de420119f02333...

...aults, both before and after the upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default changes. The new defaults broke the connection. Jan > what are your settings? > > Mine are below and they work just fine: > > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

I set icecast.xmp: <listen-socket> <port>8000</port> </listen-socket> <listen-socket> <port>8443</port> <ssl>1</ssl> </listen-socket> 8000 work, 8443 not work. If set ssl to port 8000 not work nothing V V sob., 27. jun. 2020 ob 18:13 je oseba Paul Martin <pm at nowster.me.uk> napisala:

...this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: > IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. Apologies, I did not see the attachments. Will look on a real screen later.

The newly-released kernel v2.6.32-504.23.4.el6 includes the back-ported SHA256-SSSE3 driver. Why is the generic version of the SHA256 driver selected at runtime instead of the SSSE3 version on this x86_64 system? Yes, my CPU does support the SSSE3 instruction set, and the use of SHA256 is invoked by the LUKS "cipher=aes-cbc-essiv:sha256" option. On the running...

...events at a minimum. >> >> Apologies, I did not see the attachments. Will look on a real screen later. > > Looks like your main problem has ben solved, but I have a couple of comments on your doveconf: > > >> args = scheme=CRYPT > > CRYPT is a poor choice. SHA256-CRYPT is a decent choice. SHA512-CRYPT too. I din't go with ARGON because at the time my toolchain didn't support libsodium and my machine doesn't have the memory for it. Thank you! I actually set this to a better value for each password in the passwd-file explicit, but it seems to be...

...is the same. Local: $ ssh-agent > /tmp/agent.env $ source /tmp/agent.env $ ssh-add ~/.ssh/id_user $ ssh -A remote Remote: $ SSH_AUTH_SOCK=/tmp/ssh-1rVbCSbuDP/agent.3145 $ ssh-add newkey Identity added: newkey (newkey) Local: $ source /tmp/agent.env $ ssh-add -l 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA) 2048 SHA256:32C...qYBs /home/user/.ssh/id_user (RSA-CERT) 2048 SHA256:SZG...5hUQ newkey (RSA) That worked perfectly, it seems. > > Is such an operation advisable? > > That's up to you. ssh-add decrypts the private key locally where invok...

...= yes } process_min_avail = 20 } service managesieve-login { executable = managesieve-login director inet_listener sieve { port = 4190 } } service pop3-login { executable = pop3-login director } ssl_cert = </etc/ssl/certs/certum_wildcard.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

...e-login director >> inet_listener sieve { >> port = 4190 >> } >> } >> service pop3-login { >> executable = pop3-login director >> } >> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

...66 } } service imap-login { executable = imap-login director service_count = 0 vsz_limit = 128 M } service pop3-login { executable = pop3-login director service_count = 0 vsz_limit = 128 M } ssl_cert = </usr/local/etc/dovecot/qcom.wildcard.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM- SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA- AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128- SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128- SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384...

...se good ssl_cipher_list (https://wiki.mozilla.org/Security/Server_Side_TLS)? My config ## Service options # 10-ssl ssl = yes ssl_cert = </etc/pki/tls/certs/.crt ssl_key = </etc/pki/tls/private/.key ssl_require_crl = no ssl_ca = </etc/pki/tls/cert.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

...C = NL, O = GEANT Vereniging, CN = GEANT OV RSA CA 4 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+SHA384:RSA-PSS+SHA384:ECDSA+SHA384:RSA+SHA512:RSA-PSS+SHA512:RSA-PSS+SHA512:ECDSA+SHA512:RSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA256:RSA-PSS+SHA256:RSA-PSS+SHA256:ECDSA+SHA256:Ed25519:RSA+SHA384:RSA-PSS+...

...dress = postmaster at langzeittest.de protocols = imap service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } ssl_cert = </etc/dovecot/ssl-cert-langzeittest-plus-cacert.crt ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes: >> Mine are below and they work just fine: >> >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

...PKG_ABI detection in bsdconfig(8) after pkg-1.2. - Fix emulated jail_v0 byte order. - Fix hang on reboot with active iSCSI connections. - Fix a potential system crash if a jail(8) is created and destroyed on systems with VIMAGE. == ISO CHECKSUMS == - 10.0-RC1 amd64: SHA256 (FreeBSD-10.0-RC1-amd64-bootonly.iso) = c640ac78fee2cbc411b701ecc028286c7514fe324ce5ba57176edc42fa143d85 SHA256 (FreeBSD-10.0-RC1-amd64-disc1.iso) = f41c8d4b78cfb6ec0cca4ad21f937fe1e6a65e7b61167467860110c3290d650e SHA256 (FreeBSD-10.0-RC1-amd64-memstick.img) = 9015c7cb025bc9d62eb989...

...20-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration [2020-06-28 07:54:24] INFO yp/yp.c YP update thread started [2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECD...

...use of EDH, but this doesn't leave much in the way of allowable algorithms on my server: $ openssl ciphers -V 'HIGH:!DSS:!EECDH:!ECDH:!SHA1:!aNULL:!eNULL:@STRENGTH' 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x6B - DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 0x00,0x9D - AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD 0x00,0x3D - AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au...

...ff:0:1:c0a8:415' (ECDSA) to the list of known hosts. total 12 -rw-r--r-- 1 root root 1829 Jan 23 17:43 authorized_keys -rw-r--r-- 1 root root 575 Jan 21 17:24 sshd.pam drwxr-xr-x 2 root root 4096 Feb 9 14:17 tmp [root at be2 .ssh]# ssh -o UpdateHostkeys=yes be1 ls -l Learned new hostkey: RSA SHA256:Alc84pvwkLVLIyRC7Z5HUpYeySwK+aMykv9cw6LCark Learned new hostkey: DSA SHA256:4RFtn0pMD4/AiKANWn6K3ODT66Jw8CE4SXOnAbOBXgQ Learned new hostkey: ED25519 SHA256:OzKAhPkHQDfk7GTvSZRKIHIv+25inWKy2n0PF8HbIhY Learned new hostkey: RSA SHA256:ZaHa2K0aOv6zzVTNviT08xk/ZY8xeML9uz62OiHAxOM Learned new hostkey: DS...