Displaying 20 results from an estimated 126 matches for "ssl3".
Did you mean:
ssl
2019 Aug 21
2
sometimes no shared cipher after upgrade from 2.2 to 2.3
> SSL3 is no longer included in the cipher sets. Try this:
>
> ssl_min_protocol = SSLv3
Thanks. Unfortunately, no dice - same error.
Any other tips? I was under the impression "no shared cipher" was rather the
problem?
-------------- next part --------------
A non-text attachment was s...
2015 Apr 24
3
[patch] TLS Handshake failures can crash imap-login
Hi,
I tracked down a tricky bug in dovecot that can cause the imap-login
and pop3-login processes to crash on handshake failures.
This can be tested by disabling SSLv3 in the dovecot config
(ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
would cause a crash.
What was going on is this:
In ssl-proxy-openssl.c in line 545 in the function ssl_step() the
function ssl_handshake() is called. There SSL_accept() is called. If
SSL_accept failes - because a client sent an invalid packet or
something the server...
2020 Feb 13
2
Monitor email for office365.com with fetchmail
I am trying to use fetchmail to monitor box in office365.com.
Its not working.
Is there a "better" way to monitor and inbox ?
I have verified all the ports are open, using 993, using ssl, using
sslproto SSL3 etc..
Anyone done this ? Got it working.
I basically have:
machine outlook.office365.com
login myuser at mydomain
password mypassword
fetchmail --ssl --sslproto SSL3 --smtpname X -u X outlook.office365.com
Thanks,
jerry
2019 Aug 21
0
sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote:
>
>> SSL3 is no longer included in the cipher sets. Try this:
>>
>> ssl_min_protocol = SSLv3
>
> Thanks. Unfortunately, no dice - same error.
>
> Any other tips? I was under the impression "no shared cipher" was rather the
> problem?
Yes this is exactly the problem but...
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 12:02 schrieb James:
> On 21/03/2015 10:55, Reindl Harald wrote:
>>
>> well, remove that brickage of "special compile"
>
> I'm sorry but I did not understand your comment
why do you compile openssl that way?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size:
2019 Aug 21
4
sometimes no shared cipher after upgrade from 2.2 to 2.3
...2.3.7.1-1
Not many, but some users are experiencing difficulties. The dovecot directors
log:
Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts
in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking:
SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no
shared cipher, session=<EeoTt5+QXwVUl87W>
Any ide what could be causing it?
Thanks,
Kristijan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally sign...
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
...conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful connection.
Any ideas?
Thanks,
Chris.
--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
2020 Mar 30
2
doveadm backup from gmail with imapc
...roblems.
ted at expectation:~# doveadm backup -D -R -u ted imapc:
dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
74.125.71.108:993 (local 10.7.1.179:53852)
dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected
unexpectedly: SSL_connect() failed: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
number 40 - reconnecting (delay 0 ms)
dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
74.125.71.109:993 (local 10.7.1.179:59052)
dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected
unexpectedly: SSL_connect() failed: error:...
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 20/03/2015 18:24, Timo Sirainen wrote:
>> Connecting to dovecot with ssl3 causes imap-login to die:
>>
>> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1]
>
> I can't reproduce it. I tried it with the same ssl_* settings you had...
2018 Jul 29
4
2.3.2.1 - EC keys suppport?
>> facing [ no shared cipher ] error with EC private keys.
> the client connecting to your instance has to support ecdsa
>
>
It does - Thunderbird 60.0b10 (64-bit)
[ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
It seems there is a difference between the private key (rsa vs. ecc ->
SSL_CTX?) used for the certificate signing request and the signed
certificate.
The csr created from a private key with [ openssl genpkey -algorithm RSA
] and signed by a CA with [ ecdhe...
2015 Jan 09
4
dovecot on wheezy, best ssl configuration ?
Hi all, when hardening dovecot against the POODLE vulnerability,
we followed the advise to disable SSL2 and SSL3
but this is giving problems with some email clients (claws-mail).
ssl_protocols = !SSLv2 !SSLv3
results in the following error:
dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>,
rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL routines:SSL...
2015 Jul 22
2
Firefox 39
...> Scott Robbins
>
> Those are the ones I changed in about:config. It didn't work for
> me.
>
I've been having a similar issue (with an internal router). The
following from the above link did the trick for me:
Found the keys. Go into about:config and search
security.ssl3.dhe_rsa_aes
It'll return two keys that are set to true. Set them both to
false. Things should load now
I didn't have to restart the browser.
2015 Jun 03
1
Misleading SSL/TLS Log Messages
...ntries saying
I used SSLv3 (which is not allowed). Here's my system info:
OSX Yosemite (x86_64, HFS+)
Dovecot 2.2.15 (via Homebrew)
OpenSSL 0.9.8zd
The configuration (see below) disallows SSLv3, and if I try and connect
with OpenSSL to test that ("openssl s_client -connect localhost:993 -ssl3")
it fails as expected. If I do the same command, but with "-tls1" instead of
"-ssl3", I can connect and run IMAP commands. The problem is, if I open up
the Dovecot logs and look at the SSL log messages, they all say I used
SSLv3. As an example, this is a truncated log from...
2015 Mar 20
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Connecting to dovecot with ssl3 causes imap-login to die:
$ openssl s_client -connect localhost:993 -ssl3
CONNECTED(00000003)
4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:s3_pkt.c:1461:SSL alert number 40
4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake
failure:s3_p...
2015 Jun 05
2
[LLVMdev] LLVM-ar and openssl
...with ar and llvm-ar on Ubuntu 64 bits.
Does anyone knows why? I searched in the llvm-ar doc in order to find if there was an argument or something like that.
For information, I configured openssl with the following parameters :
./Configure darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 no-ssl2 no-ssl3 no-comp --openssldir=/usr/local/ssl/macos-x86_64
And I replaced this line AR= ar $(ARFLAGS) r in the Makefile with this AR= /path/to/llvm-ar $(ARFLAGS) r
Greetings,
Johan Wehrli
2004 May 27
3
Samba Ldap tls/ssl problem
...b dc=dbb,dc=su,dc=se ?x
It works on the ldap server without errors, but on the Samba server I get the
following error:
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
0000: 15 03 01 00 02 02 30 ......0
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GE...
2017 Feb 10
7
Wich web browser on CentOS6 ?
Hello
I have more and more troubles using firefox in professional environment with
CentOS6. The latest version is 45.7.0 But I can't use it anymore to access some
old server hardware (IDRAC7 of DELL C6100) because of
"/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to install an old Firefox32 version
to administrate these servers.
Today I upgrade the firmware of 2 DELL switch and now
2017 Feb 10
0
Wich web browser on CentOS6 ?
...server hardware (IDRAC7 of DELL
> C6100) because of "/SSL_ERROR_WEAK_SERVER_CERT_KEY/". I had to
> install an old Firefox32 version to administrate these servers.
>
Can you try: (in Firefox's about:config):
possible workaround for SSL_ERROR_WEAK_SERVER_CERT_KEY
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
> Today I upgrade the firmware of 2 DELL switch and now Firefox cannot
> connect to them anymore saying:
> /An error occurred during a connection to xxx.xxx.xxx.xxx. The
> server rejected the handshake because the client downgra...
2015 Mar 21
0
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
...to OpenSSL without Dovecot (or I)
>> knowing all that much about them. I think you still need it, but maybe
>> it's because your ssl_cipher_list is so limited that it fails the
>> session anyway (just my guess).
I'd better add this PS, my openssl is compiled with "no-ssl3" which is
where the the SSL23 unsupported is coming from. I've remove the
"no-ssl3" from openssl indeed it accepts the connection, however, with
"ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s.
James.
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
...vecot (or I)
>>> knowing all that much about them. I think you still need it, but maybe
>>> it's because your ssl_cipher_list is so limited that it fails the
>>> session anyway (just my guess).
>
> I'd better add this PS, my openssl is compiled with "no-ssl3" which is
> where the the SSL23 unsupported is coming from. I've remove the
> "no-ssl3" from openssl indeed it accepts the connection, however, with
> "ssl_protocols = !SSLv2 !SSLv3" in dovecot.conf imap-login still sig 11s
well, remove that brickage of "...