Displaying 20 results from an estimated 101 matches for "ssl_options".
2016 Oct 25
0
ssl_options missing no_ticket documentation in example config
Hello!
I have a very minor bug to report. The ssl_options configuration
directive takes a space-separated list of options, each of which must
be in the set {?no_compression?, ?no_ticket?}, according to the 2.2.25
source code. However, the file doc/example-config/conf.d/10-ssl.conf
shipped in the tarball only mentions the ?no_compression? option; it
makes...
2012 Jan 09
1
Windows, Rails 3.1.3, Omniauth-BrowserID, SSL Erro
One and all, I have scoured the internet high and low tonight and I
can not for the life of me fix this damn problem. I have downloaded
certificates, installed certificates, changed my :ca_path and such as
stated in the documentation for omniauth-facebook for which I thought
would be ok to do with this one. Can anyone point me in the right
direction of how to disable SSL in development mode
2020 May 31
5
I can no longer use TLS for Windows7 and Outlook
...SSL settings known to work
with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ?
Mine is currently...
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/ssl/example.com/fullchain.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_options = no_compression no_ticket
ssl_prefer_server_ciphers = yes
I have commented out ssl_cipher_list, ssl_min_protocol and others to
get back to whatever the defaults are so I am not simply guessing what
the optimal settings would be to cover Win7 and up.
Yes I know Win7 is no longer supported but tha...
2018 Jun 12
4
cant login to Dovecot
...t Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
ssl = no
ssl_cipher_list =
ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
--
--
Best Regards, Walter Ulmke
2016 Jul 03
2
Postfix/dovecot: user unrecognized, file permissions being misread
..._listener pop3s {
port = 995
ssl = yes
}
}
ssl = required
ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem
ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt
ssl_dh_parameters_length = 2048
ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
verbose_ssl = yes
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = postmas...
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
...-openssl.c | 15 ++++++++++++++-
4 files changed, 18 insertions(+), 1 deletion(-)
--- a/src/config/all-settings.c
+++ b/src/config/all-settings.c
@@ -308,6 +308,7 @@ struct master_service_ssl_settings {
const char *ssl_cert_username_field;
const char *ssl_crypto_device;
const char *ssl_options;
+ const char *ssl_lowest_version;
bool ssl_verify_client_cert;
bool ssl_require_crl;
--- a/src/lib-master/master-service-ssl-settings.c
+++ b/src/lib-master/master-service-ssl-settings.c
@@ -26,6 +26,7 @@ static const struct setting_define maste
DEF(SET_STR, ssl_protocols),
DEF(SET_STR,...
2020 Nov 15
1
no shared cipher openssl
...ciphers over client's.
#ssl_prefer_server_ciphers = no
# SSL crypto device to use, for valid values run "openssl engine"
#ssl_crypto_device =
# SSL extra options. Currently supported options are:
# no_compression - Disable compression.
# no_ticket - Disable SSL session tickets.
#ssl_options =
===========================
# openssl x509 -dates -in mydomain.com.crt
notBefore=Nov 11 16:31:35 2020 GMT
notAfter=Nov 11 16:31:35 2022 GMT
-----BEGIN CERTIFICATE-----
:
===========================
# openssl pkey -in mydomain.com.key
-----BEGIN PRIVATE KEY-----
:
Tha...
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:EC...
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> Am 02.12.2014 um 06:44 schrieb Will Yardley:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a
2015 Dec 03
8
v2.2.20 release candidate released
...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig
v2.2.20 probably will be released tomorrow or maybe during weekend.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
field. This allows replacing the default service
imap/pop3/managesieve {} settings for specific users (e.g. running
their imap process via valgrind or strace).
+ doveadm fetch: Added date...
2015 Dec 03
8
v2.2.20 release candidate released
...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz
http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig
v2.2.20 probably will be released tomorrow or maybe during weekend.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
field. This allows replacing the default service
imap/pop3/managesieve {} settings for specific users (e.g. running
their imap process via valgrind or strace).
+ doveadm fetch: Added date...
2017 Apr 27
2
confused with ssl settings and some error - need help
...oliman.pl> wrote:
> >
> >
> > Hi,
> > To default dovecot.conf file I added (based on found documentation):
> > ssl = required
> > disable_plaintext_auth = yes #change default 'no' to 'yes'
> > ssl_prefer_server_ciphers = yes
> > ssl_options = no_compression
> > ssl_dh_parameters_length = 2048
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> AESGCM:ECDH...
2015 Dec 07
7
v2.2.20 released
...ases/2.2/dovecot-2.2.20.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
This could be (one of) the last v2.2.x release. We're starting v2.3 development soon.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
field. This allows replacing the default service
imap/pop3/managesieve {} settings for specific users (e.g. running
their imap process via valgrind or strace).
+ doveadm fetch: Added date...
2015 Dec 07
7
v2.2.20 released
...ases/2.2/dovecot-2.2.20.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
This could be (one of) the last v2.2.x release. We're starting v2.3 development soon.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra
field. This allows replacing the default service
imap/pop3/managesieve {} settings for specific users (e.g. running
their imap process via valgrind or strace).
+ doveadm fetch: Added date...
2019 Apr 11
2
auth-worker unknown user
...A-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
name =
}
userdb {
args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
auth_verbose = yes
driver = passwd-file
name =
}
protocol lmtp {
mail_plugins = sieve
postmaster_address = foobar at example.com
}...
2014 Dec 02
0
disabling certain ciphers
...only allow
> ciphers with forward secrecy
i *only* referred to "ssl_protocols" and not to ciphers
that below are sane settings supporting older Outlooks only talking
RC4/DES but prefer a specific order for other clients
ssl_protocols = !SSLv2 !SSLv3
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DH...
2015 Dec 05
0
v2.2.20 release candidate released
On 03.12.2015 14:51, Timo Sirainen wrote:
> http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz
> http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig
>
> v2.2.20 probably will be released tomorrow or maybe during weekend.
>
> + ssl_options: Added support for no_ticket
>
Hello TImo,
great to see that inseucre session tickets (violating PFS) can be disabled.
Is it possible to configure the secure session caching mechanism?
e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx
Thnx.
Ciao,
Gerhard
2018 Jun 12
0
cant login to Dovecot
...rash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> plugin {
> sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> ssl = no
> ssl_cipher_list =
> ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
> ssl_options = no_compression
> ssl_prefer_server_ciphers = yes
> userdb {
> driver = passwd
> }
>
>
>
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBWx/IGsQnQQNheMxiAQLZaQgAwqOE59dZoXqcBkYYmdgiej4glYRhjaSl
kwZeY6aFHjoErXK9B2VmrL9atmcMWoI3cocoCzpk5lib5CDuAXd...
2018 Jun 13
0
can't login to Dovecot
...onment mailbox date index ihave duplicate mime foreverypart
extracttext
namespace inbox {
inbox = yes
location =
passdb {
driver = pam
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
ssl_cipher_list =
ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
-----------------------------------
looks like PAM is already configured.
I CAN'T LOKIN USING PLAIN TEXT. HOW DO i TURN THIS OFF??
--
--
Best Regards, Walter Ulmke
Ulmke Machine Tools, 48496 Hopsten, Germa...
2020 May 31
0
I can no longer use TLS for Windows7 and Outlook
.../etc/ssl/certs/ca-certificates.crt
</div>
<div>
ssl_cert = </etc/ssl/example.com/fullchain.pem
</div>
<div>
ssl_dh = # hidden, use -P to show it
</div>
<div>
ssl_key = # hidden, use -P to show it
</div>
<div>
ssl_options = no_compression no_ticket
</div>
<div>
ssl_prefer_server_ciphers = yes
</div>
<div>
<br>
</div>
<div>
I have commented out ssl_cipher_list, ssl_min_protocol and others to
</div>
<div>
get back to whatever...