search for: ssl3

> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3 Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? -------------- next part -------------- A non-text attachment was s...

Hi, I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash. What was going on is this: In ssl-proxy-openssl.c in line 545 in the function ssl_step() the function ssl_handshake() is called. There SSL_accept() is called. If SSL_accept failes - because a client sent an invalid packet or something the server...

I am trying to use fetchmail to monitor box in office365.com. Its not working. Is there a "better" way to monitor and inbox ? I have verified all the ports are open, using 993, using ssl, using sslproto SSL3 etc.. Anyone done this ? Got it working. I basically have: machine outlook.office365.com login myuser at mydomain password mypassword fetchmail --ssl --sslproto SSL3 --smtpname X -u X outlook.office365.com Thanks, jerry

On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote: > >> SSL3 is no longer included in the cipher sets. Try this: >> >> ssl_min_protocol = SSLv3 > > Thanks. Unfortunately, no dice - same error. > > Any other tips? I was under the impression "no shared cipher" was rather the > problem? Yes this is exactly the problem but...

Am 21.03.2015 um 12:02 schrieb James: > On 21/03/2015 10:55, Reindl Harald wrote: >> >> well, remove that brickage of "special compile" > > I'm sorry but I did not understand your comment why do you compile openssl that way? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size:

...2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<EeoTt5+QXwVUl87W> Any ide what could be causing it? Thanks, Kristijan -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally sign...

...conf on Samba4. I am using the following: tls enabled = yes tls keyfile = tls/myKey.pem tls certfile = tls/myCert.pem tls cafile = With a self-signed cert. But when I remote connect from another host using: openssl s_client -showcerts -connect samba4-dc:636 -ssl3 I get a successful connection. Any ideas? Thanks, Chris. -- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192

...roblems. ted at expectation:~# doveadm backup -D -R -u ted imapc: dsync(ted): Info: imapc(imap.gmail.com:993): Connected to 74.125.71.108:993 (local 10.7.1.179:53852) dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected unexpectedly: SSL_connect() failed: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert number 40 - reconnecting (delay 0 ms) dsync(ted): Info: imapc(imap.gmail.com:993): Connected to 74.125.71.109:993 (local 10.7.1.179:59052) dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected unexpectedly: SSL_connect() failed: error:...

On 20/03/2015 18:24, Timo Sirainen wrote: >> Connecting to dovecot with ssl3 causes imap-login to die: >> >> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1] > > I can't reproduce it. I tried it with the same ssl_* settings you had...

>> facing [ no shared cipher ] error with EC private keys. > the client connecting to your instance has to support ecdsa > > It does - Thunderbird 60.0b10 (64-bit) [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] It seems there is a difference between the private key (rsa vs. ecc -> SSL_CTX?) used for the certificate signing request and the signed certificate. The csr created from a private key with [ openssl genpkey -algorithm RSA ] and signed by a CA with [ ecdhe...

Hi all, when hardening dovecot against the POODLE vulnerability, we followed the advise to disable SSL2 and SSL3 but this is giving problems with some email clients (claws-mail). ssl_protocols = !SSLv2 !SSLv3 results in the following error: dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL...

...> Scott Robbins > > Those are the ones I changed in about:config. It didn't work for > me. > I've been having a similar issue (with an internal router). The following from the above link did the trick for me: Found the keys. Go into about:config and search security.ssl3.dhe_rsa_aes It'll return two keys that are set to true. Set them both to false. Things should load now I didn't have to restart the browser.

...ntries saying I used SSLv3 (which is not allowed). Here's my system info: OSX Yosemite (x86_64, HFS+) Dovecot 2.2.15 (via Homebrew) OpenSSL 0.9.8zd The configuration (see below) disallows SSLv3, and if I try and connect with OpenSSL to test that ("openssl s_client -connect localhost:993 -ssl3") it fails as expected. If I do the same command, but with "-tls1" instead of "-ssl3", I can connect and run IMAP commands. The problem is, if I open up the Dovecot logs and look at the SSL log messages, they all say I used SSLv3. As an example, this is a truncated log from...

Connecting to dovecot with ssl3 causes imap-login to die: $ openssl s_client -connect localhost:993 -ssl3 CONNECTED(00000003) 4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1461:SSL alert number 40 4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_p...

...with ar and llvm-ar on Ubuntu 64 bits. Does anyone knows why? I searched in the llvm-ar doc in order to find if there was an argument or something like that. For information, I configured openssl with the following parameters : ./Configure darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macos-x86_64 And I replaced this line AR= ar $(ARFLAGS) r in the Makefile with this AR= /path/to/llvm-ar $(ARFLAGS) r Greetings, Johan Wehrli

...b dc=dbb,dc=su,dc=se ?x It works on the ldap server without errors, but on the Samba server I get the following error: TLS certificate verification: Error, self signed certificate tls_write: want=7, written=7 0000: 15 03 01 00 02 02 30 ......0 TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect. ldap_perror ldap_bind: Can't contact LDAP server (81) additional info: error:14090086:SSL routines:SSL3_GE...

Hello I have more and more troubles using firefox in professional environment with CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some old server hardware (IDRAC7 of DELL C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version to administrate these servers. Today I upgrade the firmware of 2 DELL switch and now

...server hardware (IDRAC7 of DELL > C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to > install an old Firefox32 version to administrate these servers. > Can you try: (in Firefox's about:config): possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY security.ssl3.dhe_rsa_aes_128_sha security.ssl3.dhe_rsa_aes_256_sha > Today I upgrade the firmware of 2 DELL switch and now Firefox cannot > connect to them anymore saying: > /An error occurred during a connection to xxx.xxx.xxx.xxx. The > server rejected the handshake because the client downgra...

...to OpenSSL without Dovecot (or I) >> knowing all that much about them. I think you still need it, but maybe >> it's because your ssl_cipher_list is so limited that it fails the >> session anyway (just my guess). I'd better add this PS, my openssl is compiled with "no-ssl3" which is where the the SSL23 unsupported is coming from. I've remove the "no-ssl3" from openssl indeed it accepts the connection, however, with "ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s. James.

...vecot (or I) >>> knowing all that much about them. I think you still need it, but maybe >>> it's because your ssl_cipher_list is so limited that it fails the >>> session anyway (just my guess). > > I'd better add this PS, my openssl is compiled with "no-ssl3" which is > where the the SSL23 unsupported is coming from. I've remove the > "no-ssl3" from openssl indeed it accepts the connection, however, with > "ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s well, remove that brickage of &quot...