search for: ssl_alt_key

Seems like a minor cosmetic bug with [ dovecot -n ] ssl_alt_key = </etc/pki/private/some.key.pem ssl_key =? # hidden, use -P to show it

...gt; blubbering about when dovecot caters for it already'. That stopped when > testing the setting ... like you said it is a bug apparently. > > Now about compiling... that is not really my turf unless it is > absolutely necessary. Time being I will (have to) work around with [? > ssl_alt_key/cert ] and will notify the downstream repo maintainer about > the patch, assuming that needs all that compiling I cannot just modify > some file manually. > > > Yeah, it needs to be recompiled to fix. Aki

...ess new bugs are found, this will be the final v2.2.31 release, which will be released on Monday. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + pop3-migration plugin: Strip trailing whitespace from headers when matching mails between IMAP and POP3. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mailbox...

...ess new bugs are found, this will be the final v2.2.31 release, which will be released on Monday. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + pop3-migration plugin: Strip trailing whitespace from headers when matching mails between IMAP and POP3. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mailbox...

Hello, I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both RSA and ECDSA certificates. My configuration is as follow: ssl_alt_cert = </path/to/my.rsa.key ssl_alt_key = </path/to/my.rsa.key ssl_cert = </path/to/my.ecdsa.pem ssl_key = </path/to/my.ecdsa.key Both certificates are let's encrypt certificate, so both are using the same intermediate CA. The certificate chain are: for rsa: - my certificate - Let's Encrypt Authority X3 - DST Root...

On 31.07.2018 03:32, ????? wrote: >> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use: >> >> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ] >> >> And thus t1 would not work anyway. However, having tested r1 the result >> was just the same. >> >> A tcpdump during the openssl test [ s_server | s_client ] then revealed

...login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 12340 } } ssl_alt_cert = </usr/local/etc/ssl/acme/mail.firc.de_ecc/cert.pem ssl_alt_key = </usr/local/etc/ssl/acme/mail.firc.de_ecc/key.pem ssl_ca = /usr/local/etc/ssl/acme/ca.pem ssl_cert = </usr/local/etc/ssl/acme/mail.firc.de/cert.pem ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it ssl_protocols = !SSLv3 userdb { args = /usr/local/etc/dovecot/dovecot-...

...r :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mailbox dovecot-acl...

...r :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3. * LMTP: Removed "(Dovecot)" from added Received headers. Some installations want to hide it, and there's not really any good reason for anyone to have it. + Add ssl_alt_cert and ssl_alt_key settings to add support for having both RSA and ECDSA certificates. + dsync/imapc, pop3-migration plugin: Strip trailing whitespace from headers when matching mails. This helps with migrations from Zimbra. + acl: Add acl_globals_only setting to disable looking up per-mailbox dovecot-acl...

...ke 'yeah - what are you blubbering about when dovecot caters for it already'. That stopped when testing the setting ... like you said it is a bug apparently. Now about compiling... that is not really my turf unless it is absolutely necessary. Time being I will (have to) work around with [? ssl_alt_key/cert ] and will notify the downstream repo maintainer about the patch, assuming that needs all that compiling I cannot just modify some file manually.

> Yeah, it needs to be recompiled to fix. > Sure, no worries.? Thanks for the quick turnaround on the patch. Downstream is notified and pending migration into their package. Meanwhile ssl_alt_key/certs does the trick. I am grateful that such option is even provisioned or else I would a be in rather bad spot with the CA. Other apps are rather ignorant on that matter.

...be the final v2.2.31 release, which > will be released on Monday. > > * LMTP: Removed "(Dovecot)" from added Received headers. Some > installations want to hide it, and there's not really any good reason > for anyone to have it. > > + Add ssl_alt_cert and ssl_alt_key settings to add support for > having both RSA and ECDSA certificates. > + pop3-migration plugin: Strip trailing whitespace from headers > when matching mails between IMAP and POP3. This helps with migrations > from Zimbra. > + acl: Add acl_globals_only setting to disable l...

...995 ssl = yes } } service quota-status { client_limit = 1 executable = quota-status -p postfix inet_listener { port = 10022 } } service quota-warning { executable = script /usr/local/bin/quota-warning.sh user = vmail } ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt ssl_alt_key = # hidden, use -P to show it ssl_cert = </etc/ssl/certs/postfix-ecc.crt ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_prefer_server_ciphers = yes userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } verbose_proctitle = ye...

...sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap lmtp service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } user = root } ssl = required ssl_alt_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain.pem ssl_alt_key = # hidden, use -P to show it ssl_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain-ecdsa.pem ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:! 3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_client_ca_file = </etc/pki/tls/cert.pem ssl_dh = # hidden, use -P to...

...-doveadm { > ????mode = 0600 > ????user = $mail_uid > ? } > } > service submission-login { > ? inet_listener submission { > ????haproxy = yes > ????port = 465 > ????ssl = yes > ? } > } > ssl = required > ssl_alt_cert = </etc/ssl/private/example.com.pem > ssl_alt_key = # hidden, use -P to show it > ssl_cert = </etc/ssl/private/example.com-ecc.pem > ssl_cipher_list = > TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:TLS-AES-256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS-AES-128-GCM...

...istener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_alt_cert = </etc/ssl/certs/mail.[redacted].ecdsa.pem ssl_alt_key = </etc/ssl/private/[redacted].ecdsa.key ssl_cert = </etc/ssl/certs/mail.[redacted].rsa.pem ssl_key = </etc/ssl/private/[redacted].rsa.key ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-G...

...p3-login { inet_listener pop3 { port = 0 } } service stats { unix_listener stats-writer { user = mail } } service submission-login { inet_listener submission_ssl { port = 465 ssl = yes } } ssl = required ssl_alt_cert = </usr/local/acme/var/iwascoding.com/fullchain.cer ssl_alt_key = # hidden, use -P to show it ssl_cert = </usr/local/acme/var/iwascoding.com_ecc/fullchain.cer ssl_cipher_list = ALL:HIGH:!SSLv2:!SSLv3:!kRSA:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!PSK:!SRP:!DSS:!SEED:@STRENGTH ssl_client_ca_dir = /etc/ssl/certs ssl_client_ca_file = /etc/s...

...? client_limit = 1 > ? executable = quota-status -p postfix > ? inet_listener { > ??? port = 10022 > ? } > } > service quota-warning { > ? executable = script /usr/local/bin/quota-warning.sh > ? user = vmail > } > ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt > ssl_alt_key = # hidden, use -P to show it > ssl_cert = </etc/ssl/certs/postfix-ecc.crt > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > ssl_min_protocol = TLSv1.2 > ssl_prefer_server_ciphers = yes > userdb { > ? args = /etc/dovecot/dovecot-sql.conf > ?...

...user = postfix } } service managesieve-login { inet_listener sieve { address = localhost } } service submission-login { inet_listener submissions { haproxy = no port = 465 reuse_port = no ssl = yes } } ssl_alt_cert = </var/lib/acme/imap.example.com/rsa/cert.pem ssl_alt_key = # hidden, use -P to show it ssl_cert = </var/lib/acme/imap.example.com/ecdsa/cert.pem ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384...

...xecutable = quota-status -p postfix >> inet_listener { >> port = 10022 >> } >> } >> service quota-warning { >> executable = script /usr/local/bin/quota-warning.sh >> user = vmail >> } >> ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt >> ssl_alt_key = # hidden, use -P to show it >> ssl_cert = </etc/ssl/certs/postfix-ecc.crt >> ssl_dh = # hidden, use -P to show it >> ssl_key = # hidden, use -P to show it >> ssl_min_protocol = TLSv1.2 >> ssl_prefer_server_ciphers = yes >> userdb { >> args = /etc/dovec...