search for: ssl_ciphers

On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2". >> This is also mentioned when creating or

I'm not Aki but hope you don't mind... On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: > Hi, > > MariaDB documentation says it accepts OpenSSL cipher strings in its ssl_cipher parameters like ssl_cipher="TLSv1.2". > This is also mentioned when creating or changing users in terms of setting this with the REQUIRE CIPHER parameter like CREATE USER

Hello! I'm attempting to get Dovecot working with MySQL user database on another machine. I can connect to the MySQL (5.7.26) instance with SSL enabled: ?mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem --ssl-cert=/etc/dovecot/client-cert.pem --ssl-key=/etc/dovecot/client-key.pem --ssl-cipher=DHE-RSA-AES256-SHA -u vmail -p However if I use the same values in dovecot-sql.conf.ext, I

Migrating a website from CentOS 6 ot 7. I try to fire up apache, and it fails, complaining of a directive: CustomLog logs/internal.oir.cit_ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" I'm googling, but I'd be happy if someone who knows apache more deeply could tell me what's wrong with that - am I missing

Have you considered any alternatives? I'm thinking of IPSec to create a secured network encapsulation channel(s) "above" the TCP connection(s). This would provide encryption with control over cipher(s), and cert validation on both sides (if you used cert auth, not PSK). -- K On Thu, Apr 18, 2019, at 12:15 PM, TG Servers via dovecot wrote: > Ok then it seems again a MariaDB

On 18/07/2019 23:24, Reio Remma via dovecot wrote: > Hello! > > I'm attempting to get Dovecot working with MySQL user database on > another machine. I can connect to the MySQL (5.7.26) instance with SSL > enabled: > > ?mysql -h db.mrst.ee --ssl-ca=/etc/dovecot/ca.pem > --ssl-cert=/etc/dovecot/client-cert.pem > --ssl-key=/etc/dovecot/client-key.pem

...be able to provide me with the EXACT set of ssl_* settings that should work with W7 please? I tried for a week with various combinations but nothing worked short of disabling SSL altogether. These are the remnants of some attempts... # 20200531 suggested by Aki Tuomi #ssl_min_protocol = TLSv1.0 #ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL # https://ssl-config.mozilla.org OLD # openssl dhparam -dsaparam 1024 > /etc/dovecot/dh.pem ssl_prefer_server_ciphers = yes #ssl_min_protocol = TLSv1 #ssl_cipher_list = ECDHE-ECDSA**** # https://ssl-config.mozilla.org MEDIUM # openssl dhparam -dsaparam 2048 > /...

Hey everybody, I'm trying to get mysql master/slave replication to work under SSL. I've created the certs for both the slave and the master. I've configured the master and slave my.cnf. And it does appear that replication is actually working. Master is actually MariaDB (version 5.5.41-MariaDB-log, and the slave is MySQL (version 5.5.41-log). But there are two issues I'd like to

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 20/07/2019 13:12 Reio Remma via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 20/07/2019 21:07 Reio Remma via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

.../var/lib/puppet/ssl/certs/bangvmpllda02.XXXXX.com.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/bangvmpllda02.XXXXX.com.pem; ssl_crl /var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_prefer_server_ciphers on; ssl_verify_client optional; ssl_verify_depth 1; ssl_session_cache shared:SSL:128m; ssl_session_timeout 5m; } } and the puppet.conf [main...

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990). (The latest instructions I've used are at: https://www.unixmen.com/configure-vsftpd-ssltls-centos-7/) Using Filezilla client, I get: Error: GnuTLS error -15: An unexpected TLS packet was received. Error: Could not connect to

Hi all, I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error. My actual httpd's config for this virtualhost is: NameVirtualHost 192.168.1.5:444 <VirtualHost 192.168.1.5:444> ServerName myweb01.local.domain ErrorLog

Hello, I've seen this issue before, running a imap/smtp/database server on localhost and adding in a webmail interface, in this case Roundcube. In my maillog I'm seeing accessive Dovecot connections and logouts just from my own transaction of logging in, going to compose a message, sending, and logging out. I'm using Mysql as database backend and was wondering if there was something