Displaying 20 results from an estimated 22 matches for "ssl_".
Did you mean:
ssl
2020 May 31
5
I can no longer use TLS for Windows7 and Outlook
...d Mac clients through disabling ports
993/995 with TLS enabled back to ports 143/110 without SSL or they
could not pick up email. Thunderbird users (ie; me) were unaffected.
Could anyone share a set of port 993/995 SSL settings known to work
with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ?
Mine is currently...
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/ssl/example.com/fullchain.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_options = no_compression no_ticket
ssl_prefer_server_ciphers = yes
I have commented...
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
...g to dovecot with ssl3 causes imap-login to die:
>>
>> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1]
>
> I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says "core dumped", so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it.
Thank you for your interest, here is a dbx trace. This was with OpenSSL
1.0.2a...
2020 Jul 16
2
Outlook vs Thunderbird
...143/NONE could help pick up the
>>> mail.
>
> windows 7 just need tls 1.0, why its need to disabled all, is as well
> beyong me, do not disable tls 1.0 in dovecot aslong one have windows
> 7 clients
Would anyone with Windows7 clients be able to provide me with the
EXACT set of ssl_* settings that should work with W7 please?
I tried for a week with various combinations but nothing worked short
of disabling SSL altogether. These are the remnants of some attempts...
# 20200531 suggested by Aki Tuomi
#ssl_min_protocol = TLSv1.0
#ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL
# http...
2015 Mar 20
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
...Start Time: 1426851034
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
syslog:
Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login:
Fatal: master: service(imap-login): child 21918 killed with signal 11
(core dumped) [last ip=127.0.0.1]
dovecot.conf had:
ssl_protocols = !SSLv2 !SSLv3
removing that line stops the core dump and syslog then shows:
Mar 20 11:36:25 MAILHOST dovecot: [ID 583609 mail.info] imap-login:
Disconnected (disconnected before auth was ready, waited 0 secs):
user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept()...
2015 Mar 20
0
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
...> Connecting to dovecot with ssl3 causes imap-login to die:
>
> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1]
I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a gdb backtrace from the crash? It says "core dumped", so I guess there should be a core file somewhere. http://dovecot.org/bugreport.html has some more info on how to get it.
> dovecot.conf had:
> ssl_protocols = !SSLv2 !SSLv3
>
> removing tha...
2015 Aug 16
0
Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM
>But can you explain why you use globally:
>
>ssl_cert = </etc/ssl/dovecot.pem
>ssl_key = </etc/ssl/private/dovecot.pem
>
>and certs for any additional Domain each?
>
>##
>local_name mail.pettijohn-web.com {
> ssl_cert = </etc/ssl/mail.pettijohn-web.com.crt
> ssl_key = </etc/ssl/private/mail.pettijohn-web.com...
2006 Aug 21
2
Dovecot SSL issue on Solaris 10 x64 (64-bit)
...ail.app with POP3s and IMAPs (both SSL).
But not for Thunderbird (1.5.0.5) and Opera (latest).
Setting "verbose_ssl=yes" and "auth_debug=yes" in the configuration gives
this error
from a Thunderbird login:
Aug 16 14:16:28 credo dovecot: [ID 107833 mail.warning] pop3-login:
SSL_accept() failed: error:140D308A:SSL
routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable [85.225.200.123]
Aug 16 14:16:28 credo dovecot: [ID 107833 mail.info] pop3-login:
Disconnected: rip=85.225.200.123, lip=195.198.174.212, TLS
Aug 16 14:16:29 credo dovecot: [ID 107833 mail.warning] pop3-l...
2015 Mar 21
0
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 21/03/2015 10:00, James wrote:
>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I
>>> thought the ssl_protocols setting did.
>>> Do I still need, if I ever needed, the "ssl_protocols = " setting?
>>
>> All these ssl_* settings just go to OpenSSL without Dovecot (or I)
>> knowing all that much about them. I think you still need it, but maybe
>> it's beca...
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Am 21.03.2015 um 11:51 schrieb James:
> On 21/03/2015 10:00, James wrote:
>
>>>> the "SSL23_GET_CLIENT_HELLO:unsupported protocol" seems to do what I
>>>> thought the ssl_protocols setting did.
>>>> Do I still need, if I ever needed, the "ssl_protocols = " setting?
>>>
>>> All these ssl_* settings just go to OpenSSL without Dovecot (or I)
>>> knowing all that much about them. I think you still need it, but maybe
>&g...
2017 Feb 14
0
openssl 1.1.0d breaks Android7 TLS connects
Hi,
the actual OpenSSL version detection in dovecot is insufficient.
The implementation only checks for SSL_CTRL_SET_ECDH_AUTO.
That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed.
Thats the code part:
#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key
parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
#else...
2020 May 31
0
I can no longer use TLS for Windows7 and Outlook
...pick up email. Thunderbird users (ie; me) were unaffected.
</div>
<div>
<br>
</div>
<div>
Could anyone share a set of port 993/995 SSL settings known to work
</div>
<div>
with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ?
</div>
<div>
<br>
</div>
<div>
Mine is currently...
</div>
<div>
<br>
</div>
<div>
ssl_ca = </etc/ssl/certs/ca-certificates.crt
</div>
<div>
ssl_cert = </et...
2020 May 31
1
I can no longer use TLS for Windows7 and Outlook
...t; 993/995 with TLS enabled back to ports 143/110 without SSL or they
>> could not pick up email. Thunderbird users (ie; me) were unaffected.
>>
>> Could anyone share a set of port 993/995 SSL settings known to work
>> with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ?
>>
>> Mine is currently...
>>
>> ssl_ca = </etc/ssl/certs/ca-certificates.crt
>> ssl_cert = </etc/ssl/example.com/fullchain.pem
>> ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> ssl_options = no_c...
2020 Jul 15
2
Outlook vs Thunderbird
On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark
Constable <markc at renta.net> wrote:
> FWIW I meant if the client is Windows7/old-Outlook then changing either
> 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had
> to do this for a 100 or so clients a few months ago after upgrading to
> Ubuntu 20.04.
Really, really bad idea. You just
2005 May 10
0
start_tls on the user and password ldap connection
hi,
it seems when dovecot use ldap user and password databases it's not
possible to use tls connection and certificate with the ldap connection.
wouldn't it be possible to use the same certificate on the ldap
connection as used in the ssl_{cert,key}_file parameters in the dovecot
conf (or would be possible to use it's own cert in the ldap conf file?
yours.
--
Levente "Si vis pacem para bellum!"
2006 Mar 09
2
ssl certs
is it possible to use 2 different sets of ssl certificates, for 2
different hostnames ( e.g. pop.domain.com and imap.domain.com ) ?
thank you
2006 May 30
2
separate pop and imap server keys?
Hi there,
is there any way to get the imap and pop client to use separate keys?
My Thunderbird client complains when I am popping from popss.domain.com that
the certificate is owned by imapss.domain.com
Any clues here?
Cheers,
Noah
2014 May 11
1
dovecot 2.2.9 - ssl_cert and ssl_key ignored
Hello,
It seems that Dovecot ignores the new /ssl_cert and ssl_key /settings.
Using them in the dovecot configuration results in the error:
Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM
routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY]
Using the old /ssl_//cert//_file/ and /ssl_key_file/ results in their
being obs...
2014 Jul 08
2
Dovecot not changing SSL key and certificate as in config file
I am trying to use my (decrypted) SSL key and certificate in Dovecot. I
have changed /etc/dovecot/conf.d/10-ssl.conf like so:
ssl_cert = </etc/ssl/private/ssl-chain-mail-mydomain.com.pem
ssl_key = </etc/ssl/private/ssl-key-decrypted-mail-mydomain.com.key
However, after running service dovecot restart, dovecot -n still says that
the files /etc/dovecot/dovecot.pem and /etc/dovecot/private/dovecot.pem are
being used.
I am...
2005 Jul 07
3
separate SSL certificates for pop3s and imaps
Hi,
I'm migrating a uw-imap installation to dovecot. With uw-imap I had
different SSL certificates and keys for ipop3d and imapd. How can I
configure dovecot to do the same with its pop3s and imaps services?
Thanks in advance,
--
_________________________creating IT solutions
Michael Weiser science + computing ag
bei Eisenbahn und Haefen
Postfach 11 02 63 Hagellocher Weg
2006 Jun 04
2
Specifying with openssl to use
I'm trying to setup dovecot on Solaris 10. I can get it all working
except TLS/SSL. I traced my problem down to the version of openssl that
Solaris 10 ships with. The fix is supposed to be to use a newer version
of openssl. Without removing the built-in version of openssl I've
installed openssl-0.9.8b to /usr/local.
When I "./configure" dovecot it seems to always pick up the