Displaying 20 results from an estimated 141 matches for "ssl_min_protocols".
Did you mean:
ssl_min_protocol
2019 Apr 02
1
ssl_min_protocol
What are the possible settings for ssl_min_protocol? I only see it on the upgrade page where it mentions the default is TLSv1.
Searching on the dovecot page gives me "Your search query "ssl_min_protocol" didn't return any results."
--
Up the airy mountains, down the rushy glen... From ghosties and bogles
and long-leggity beasties... My mother said I never should... We
2020 Apr 13
2
Unable to set ssl_min_protocol=TLSv1.3
Good $daytime,
as per the recommendations of Mozilla?s SSL config generator[0], I
wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This
produced the error:
imap-login: Error: Failed to initialize SSL server context: Unknown
ssl_min_protocol setting 'TLSv1.3'
After some digging, I found the function that parses this setting in
2018 Jun 22
2
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
hi sorry if question was asked already. Was reading
https://wiki2.dovecot.org/Upgrading/2.3
first I'm confused on diffie hellman parameters file. I never set up
ssl-parameters.dat before (should i have? do I have one that was
automatically made for me by dovecot?)
Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
ssl-parameters.dat but how to make a new one?
other
2019 Nov 26
2
ssl_min_protocol = TLSv1.3 does not work
Hi all,
I'm trying to set up my server with support for TLS 1.3 only, but that does
not seem to be supported.
First off, TLS 1.3 itself does work fine, so it's not the config or ssl
library, and 1.3-only works fine with Postfix. The problem is only in
disabling TLS 1.2 for Dovecot.
On connection, I'm getting an error that 1.3 is an "Unknown
ssl_min_protocol setting".
Reading
2018 Jun 22
0
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
...n is if I copy ssl_min_protocol from example config into
> my existing config is that enough? do experts on this list recommend
> any tweaks that increase client requirements more than dovecot
> developers are comfortable with but will ensure more secure protocol
> usage?
>
ssl_min_protocols defines the minimum TLS protocol the server supports. We recommend TLSv1, but if you want, you can experiment with TLSv1.2, which will decrease client compability a bit.
Aki
>
> -------------------------------------------------
>
> ONLY AT VFEmail! - Use our Metadata Mitigator to ke...
2020 Apr 13
0
Unable to set ssl_min_protocol=TLSv1.3
> On 13/04/2020 12:35 Thomas Schneider <qsx at chaotikum.eu> wrote:
>
>
> Good $daytime,
>
> as per the recommendations of Mozilla?s SSL config generator[0], I
> wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This
> produced the error:
>
> imap-login: Error: Failed to initialize SSL server context: Unknown
> ssl_min_protocol setting
2020 Jul 18
2
problem with client using TLS
Hello!
Benny Pedersen <me at junc.eu> schrieb am 18.07.20 um 13:04:37 Uhr:
> ratatouille skrev den 2020-07-18 12:33:
> > ssl_min_protocol = TLSv1.2
> > ssl_cipher_list = PROFILE=SYSTEM
> > ssl_prefer_server_ciphers = yes
>
> comment this lines, then i belive k9 works
>
> if it still does not, then drop k9 mail
Commenting just ssl_min_protocol = TLSv1.2
2019 Nov 27
0
ssl_min_protocol = TLSv1.3 does not work
On 26.11.2019 19.34, Laurens Post via dovecot wrote:
> Hi all,
>
> I'm trying to set up my server with support for TLS 1.3 only, but that
> does not seem to be supported.
> First off, TLS 1.3 itself does work fine, so it's not the config or
> ssl library, and 1.3-only works fine with Postfix. The problem is only
> in disabling TLS 1.2 for Dovecot.
> On connection,
2018 Jun 25
1
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
Thanks Joseph, Aki, but something missing from upgrade document, where
does the dh param file go? I located ssl-parameters.dat so I will put
it there.
Quoting Joseph Tam <jtam.home at gmail.com>:
> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
2020 Jul 16
2
Outlook vs Thunderbird
On 16/7/20 5:54 am, Benny Pedersen wrote:
>>> FWIW I meant if the client is Windows7/old-Outlook then changing
>>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the
>>> mail.
>
> windows 7 just need tls 1.0, why its need to disabled all, is as well
> beyong me, do not disable tls 1.0 in dovecot aslong one have windows
> 7 clients
Would anyone
2020 Jul 18
4
problem with client using TLS
18.07.2020, 14:30, Benny Pedersen <me at junc.eu>ratatouille skrev den
2020-07-18 13:20:
> Commenting just ssl_min_protocol = TLSv1.2 seems to solve the problem.
> So I have the default ssl_min_protocol = TLSv1
with means that the device running k9 is not supporting TLS 1.2 yet
TLS 1.2 is enabled by default in Android versions 5.0 and newer.
For earlier Android versions, K9
2019 Sep 30
1
Sieve replication - does not replicate
Hi,
I have two servers replicating mail as required, the directory structure
(per user), however they will not replicate the sieve scripts directory:
server 1
Maildir sieve
server 2
Maildir
Output of doveconf -n on server 1:
# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
doveconf: Warning: NOTE: You can get a new clean config file with:
doveconf -Pn >
2018 Jun 22
0
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Joseph Tam wrote:
> However, recent advances make this condition obsolete [*] and not
> really safer, so a much faster way to generate a DH key is
>
> openssl dhparam -dsaparam -out dh.pem 4096
>
> DH generation is a one time operation, so if you're paranoid and you've
> got time to burn, go ahead and generate the "safe" DH key.
>
2020 Jul 18
2
problem with client using TLS
Hello!
On my testserver running CentOS8 I have installed dovecot v2.3.8.
I can connect to the server using claws-mail on my PC but can't
using K9-mail on android device.
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
Jul 18 12:24:57 imap-login: Debug: SSL:
2018 Jun 22
2
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Aki Tuomi wrote:
>> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
>> ssl-parameters.dat but how to make a new one?
>
> ... or you can make a fresh one using openssl
> gendh 4096 > dh.pem
This also works
openssl dhparam -out dh.pem 4096
> Note that this will require quite a lot of entropy, so you should
> probably
2020 May 31
5
I can no longer use TLS for Windows7 and Outlook
I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f.
A few months ago there was an update to all these systems and since
then I've had to talk W7 and old Mac clients through disabling ports
993/995 with TLS enabled back to ports 143/110 without SSL or they
could not pick up email. Thunderbird users (ie; me) were unaffected.
Could anyone share a set of port 993/995 SSL
2020 Aug 17
4
Apple Mail Since upgrade to dovecot 2.3.x unable to connect
Am 17.08.20 um 12:16 schrieb Aki Tuomi:
> You need to set
>
> ssl_min_protocol = TLSv1.2 # or TLSv1
Thanks, tried both, but unsuccessfully. Again, is there any debug
setting that allows me to see what SSL version was requested? Without
this, this is fumbling in the dark.
Cheers,
Johannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name:
2018 Dec 14
2
Upgrade to 2.3.1 has failed
...openSUSE Leap 42.3. But we
upgraded openSUSE to Leap 15.0.
In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer
works and I haven't figured out how to downgrade to the older working
version.
The key issue seems to be the change to requiring dh.pem and changing s
sl_protocols to ssl_min_protocols.?I think I've navigated both
correctly, but it still doesn't work.
The error is
auth: Error: stats: open(old-stats-user) failed: Permission denied
as a consequence of which we get
imap-login: Error: Failed to initialize SSL server context: Can't
load SSL certificate: T...
2019 Aug 21
4
sometimes no shared cipher after upgrade from 2.2 to 2.3
We recently upgraded from dovecot 2.2 to 2.3.7.1-1
Not many, but some users are experiencing difficulties. The dovecot directors
log:
Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts
in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking:
SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no
shared cipher,
2020 Jul 15
2
Outlook vs Thunderbird
On Tue Jul 07 2020 02:07:08 GMT-0400 (Eastern Standard Time), Mark
Constable <markc at renta.net> wrote:
> FWIW I meant if the client is Windows7/old-Outlook then changing either
> 993/SSL or 143/STARTTLS to 143/NONE could help pick up the mail. We had
> to do this for a 100 or so clients a few months ago after upgrading to
> Ubuntu 20.04.
Really, really bad idea. You just