search for: ssl_option

Hello! I have a very minor bug to report. The ssl_options configuration directive takes a space-separated list of options, each of which must be in the set {?no_compression?, ?no_ticket?}, according to the 2.2.25 source code. However, the file doc/example-config/conf.d/10-ssl.conf shipped in the tarball only mentions the ?no_compression? option; it makes...

One and all, I have scoured the internet high and low tonight and I can not for the life of me fix this damn problem. I have downloaded certificates, installed certificates, changed my :ca_path and such as stated in the documentation for omniauth-facebook for which I thought would be ok to do with this one. Can anyone point me in the right direction of how to disable SSL in development mode

...SSL settings known to work with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? Mine is currently... ssl_ca = </etc/ssl/certs/ca-certificates.crt ssl_cert = </etc/ssl/example.com/fullchain.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_options = no_compression no_ticket ssl_prefer_server_ciphers = yes I have commented out ssl_cipher_list, ssl_min_protocol and others to get back to whatever the defaults are so I am not simply guessing what the optimal settings would be to cover Win7 and up. Yes I know Win7 is no longer supported but th...

...t Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } ssl = no ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } -- -- Best Regards, Walter Ulmke

..._listener pop3s { port = 995 ssl = yes } } ssl = required ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt ssl_dh_parameters_length = 2048 ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n driver = static } verbose_ssl = yes protocol lda { deliver_log_format = msgid=%m: %$ mail_plugins = sieve postmaster_address = postma...

...-openssl.c | 15 ++++++++++++++- 4 files changed, 18 insertions(+), 1 deletion(-) --- a/src/config/all-settings.c +++ b/src/config/all-settings.c @@ -308,6 +308,7 @@ struct master_service_ssl_settings { const char *ssl_cert_username_field; const char *ssl_crypto_device; const char *ssl_options; + const char *ssl_lowest_version; bool ssl_verify_client_cert; bool ssl_require_crl; --- a/src/lib-master/master-service-ssl-settings.c +++ b/src/lib-master/master-service-ssl-settings.c @@ -26,6 +26,7 @@ static const struct setting_define maste DEF(SET_STR, ssl_protocols), DEF(SET_STR,...

...ciphers over client's. #ssl_prefer_server_ciphers = no # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = # SSL extra options. Currently supported options are: # no_compression - Disable compression. # no_ticket - Disable SSL session tickets. #ssl_options = =========================== # openssl x509 -dates -in mydomain.com.crt notBefore=Nov 11 16:31:35 2020 GMT notAfter=Nov 11 16:31:35 2022 GMT -----BEGIN CERTIFICATE----- : =========================== # openssl pkey -in mydomain.com.key -----BEGIN PRIVATE KEY----- : Th...

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:E...

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added dat...

...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added dat...

...oliman.pl> wrote: > > > > > > Hi, > > To default dovecot.conf file I added (based on found documentation): > > ssl = required > > disable_plaintext_auth = yes #change default 'no' to 'yes' > > ssl_prefer_server_ciphers = yes > > ssl_options = no_compression > > ssl_dh_parameters_length = 2048 > > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECD...

...ases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added dat...

...ases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added dat...

...A-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd name = } userdb { args = scheme=ARGON2ID username_format=%u /etc/dovecot/users auth_verbose = yes driver = passwd-file name = } protocol lmtp { mail_plugins = sieve postmaster_address = foobar at example.com...

...only allow > ciphers with forward secrecy i *only* referred to "ssl_protocols" and not to ciphers that below are sane settings supporting older Outlooks only talking RC4/DES but prefer a specific order for other clients ssl_protocols = !SSLv2 !SSLv3 ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:D...

On 03.12.2015 14:51, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig > > v2.2.20 probably will be released tomorrow or maybe during weekend. > > + ssl_options: Added support for no_ticket > Hello TImo, great to see that inseucre session tickets (violating PFS) can be disabled. Is it possible to configure the secure session caching mechanism? e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx Thnx. Ciao, Gerhard

...rash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > plugin { > sieve = file:~/sieve;active=~/.dovecot.sieve > } > ssl = no > ssl_cipher_list = > ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > ssl_options = no_compression > ssl_prefer_server_ciphers = yes > userdb { > driver = passwd > } > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWx/IGsQnQQNheMxiAQLZaQgAwqOE59dZoXqcBkYYmdgiej4glYRhjaSl kwZeY6aFHjoErXK9B2VmrL9atmcMWoI3cocoCzpk5lib5CDuAX...

...onment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } ----------------------------------- looks like PAM is already configured. I CAN'T LOKIN USING PLAIN TEXT. HOW DO i TURN THIS OFF?? -- -- Best Regards, Walter Ulmke Ulmke Machine Tools, 48496 Hopsten, Germ...

.../etc/ssl/certs/ca-certificates.crt </div> <div> ssl_cert = </etc/ssl/example.com/fullchain.pem </div> <div> ssl_dh = # hidden, use -P to show it </div> <div> ssl_key = # hidden, use -P to show it </div> <div> ssl_options = no_compression no_ticket </div> <div> ssl_prefer_server_ciphers = yes </div> <div> <br> </div> <div> I have commented out ssl_cipher_list, ssl_min_protocol and others to </div> <div> get back to whateve...