search for: ssl_min_protocols

What are the possible settings for ssl_min_protocol? I only see it on the upgrade page where it mentions the default is TLSv1. Searching on the dovecot page gives me "Your search query "ssl_min_protocol" didn't return any results." -- Up the airy mountains, down the rushy glen... From ghosties and bogles and long-leggity beasties... My mother said I never should... We

Good $daytime, as per the recommendations of Mozilla?s SSL config generator[0], I wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This produced the error: imap-login: Error: Failed to initialize SSL server context: Unknown ssl_min_protocol setting 'TLSv1.3' After some digging, I found the function that parses this setting in

hi sorry if question was asked already. Was reading https://wiki2.dovecot.org/Upgrading/2.3 first I'm confused on diffie hellman parameters file. I never set up ssl-parameters.dat before (should i have? do I have one that was automatically made for me by dovecot?) Do I need to make a fresh dh.pem? The upgrade doc tells how to convert ssl-parameters.dat but how to make a new one? other

Hi all, I'm trying to set up my server with support for TLS 1.3 only, but that does not seem to be supported. First off, TLS 1.3 itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot. On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting". Reading

...n is if I copy ssl_min_protocol from example config into > my existing config is that enough? do experts on this list recommend > any tweaks that increase client requirements more than dovecot > developers are comfortable with but will ensure more secure protocol > usage? > ssl_min_protocols defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compability a bit. Aki > > ------------------------------------------------- > > ONLY AT VFEmail! - Use our Metadata Mitigator to ke...

> On 13/04/2020 12:35 Thomas Schneider <qsx at chaotikum.eu> wrote: > > > Good $daytime, > > as per the recommendations of Mozilla?s SSL config generator[0], I > wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This > produced the error: > > imap-login: Error: Failed to initialize SSL server context: Unknown > ssl_min_protocol setting

Hello! Benny Pedersen <me at junc.eu> schrieb am 18.07.20 um 13:04:37 Uhr: > ratatouille skrev den 2020-07-18 12:33: > > ssl_min_protocol = TLSv1.2 > > ssl_cipher_list = PROFILE=SYSTEM > > ssl_prefer_server_ciphers = yes > > comment this lines, then i belive k9 works > > if it still does not, then drop k9 mail Commenting just ssl_min_protocol = TLSv1.2

On 26.11.2019 19.34, Laurens Post via dovecot wrote: > Hi all, > > I'm trying to set up my server with support for TLS 1.3 only, but that > does not seem to be supported. > First off, TLS 1.3 itself does work fine, so it's not the config or > ssl library, and 1.3-only works fine with Postfix. The problem is only > in disabling TLS 1.2 for Dovecot. > On connection,

Thanks Joseph, Aki, but something missing from upgrade document, where does the dh param file go? I located ssl-parameters.dat so I will put it there. Quoting Joseph Tam <jtam.home at gmail.com>: > On Fri, 22 Jun 2018, Joseph Tam wrote: > >> However, recent advances make this condition obsolete [*] and not >> really safer, so a much faster way to generate a DH key is

On 16/7/20 5:54 am, Benny Pedersen wrote: >>> FWIW I meant if the client is Windows7/old-Outlook then changing >>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clients Would anyone

18.07.2020, 14:30, Benny Pedersen <me at junc.eu>ratatouille skrev den 2020-07-18 13:20: > Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem. > So I have the default ssl_min_protocol = TLSv1 with means that the device running k9 is not supporting TLS 1.2 yet TLS 1.2 is enabled by default in Android versions 5.0 and newer. For earlier Android versions, K9

Hi, I have two servers replicating mail as required, the directory structure (per user), however they will not replicate the sieve scripts directory: server 1 Maildir sieve server 2 Maildir Output of doveconf -n on server 1: # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.4 () doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -Pn >

On Fri, 22 Jun 2018, Joseph Tam wrote: > However, recent advances make this condition obsolete [*] and not > really safer, so a much faster way to generate a DH key is > > openssl dhparam -dsaparam -out dh.pem 4096 > > DH generation is a one time operation, so if you're paranoid and you've > got time to burn, go ahead and generate the "safe" DH key. >

Hello! On my testserver running CentOS8 I have installed dovecot v2.3.8. I can connect to the server using claws-mail on my PC but can't using K9-mail on android device. Jul 18 12:24:57 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jul 18 12:24:57 imap-login: Debug: SSL:

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. A few months ago there was an update to all these systems and since then I've had to talk W7 and old Mac clients through disabling ports 993/995 with TLS enabled back to ports 143/110 without SSL or they could not pick up email. Thunderbird users (ie; me) were unaffected. Could anyone share a set of port 993/995 SSL

Am 17.08.20 um 12:16 schrieb Aki Tuomi: > You need to set > > ssl_min_protocol = TLSv1.2 # or TLSv1 Thanks, tried both, but unsuccessfully. Again, is there any debug setting that allows me to see what SSL version was requested? Without this, this is fumbling in the dark. Cheers, Johannes -------------- next part -------------- A non-text attachment was scrubbed... Name:

...openSUSE Leap 42.3. But we upgraded openSUSE to Leap 15.0. In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer works and I haven't figured out how to downgrade to the older working version. The key issue seems to be the change to requiring dh.pem and changing s sl_protocols to ssl_min_protocols.?I think I've navigated both correctly, but it still doesn't work. The error is auth: Error: stats: open(old-stats-user) failed: Permission denied as a consequence of which we get imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: T...

We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher,

On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark Constable <markc at renta.net> wrote: > FWIW I meant if the client is Windows7/old-Outlook then changing either > 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had > to do this for a 100 or so clients a few months ago after upgrading to > Ubuntu 20.04. Really, really bad idea. You just