search for: ssl_options

Displaying 20 results from an estimated 101 matches for "ssl_options".

2016 Oct 25
0
ssl_options missing no_ticket documentation in example config
Hello! I have a very minor bug to report. The ssl_options configuration directive takes a space-separated list of options, each of which must be in the set {?no_compression?, ?no_ticket?}, according to the 2.2.25 source code. However, the file doc/example-config/conf.d/10-ssl.conf shipped in the tarball only mentions the ?no_compression? option; it makes...
2012 Jan 09
1
Windows, Rails 3.1.3, Omniauth-BrowserID, SSL Erro
One and all, I have scoured the internet high and low tonight and I can not for the life of me fix this damn problem. I have downloaded certificates, installed certificates, changed my :ca_path and such as stated in the documentation for omniauth-facebook for which I thought would be ok to do with this one. Can anyone point me in the right direction of how to disable SSL in development mode
2020 May 31
5
I can no longer use TLS for Windows7 and Outlook
...SSL settings known to work with Windows7 and Outlook16 using "dovecot -n|grep ^ssl_" please ? Mine is currently... ssl_ca = </etc/ssl/certs/ca-certificates.crt ssl_cert = </etc/ssl/example.com/fullchain.pem ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_options = no_compression no_ticket ssl_prefer_server_ciphers = yes I have commented out ssl_cipher_list, ssl_min_protocol and others to get back to whatever the defaults are so I am not simply guessing what the optimal settings would be to cover Win7 and up. Yes I know Win7 is no longer supported but tha...
2018 Jun 12
4
cant login to Dovecot
...t Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } ssl = no ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } -- -- Best Regards, Walter Ulmke
2016 Jul 03
2
Postfix/dovecot: user unrecognized, file permissions being misread
..._listener pop3s { port = 995 ssl = yes } } ssl = required ssl_ca = </etc/ssl/certs/StartCom_Certification_Authority.pem ssl_cert = </etc/apache2/ssl.crt/mail.privustech.com_start.crt ssl_dh_parameters_length = 2048 ssl_key = </etc/apache2/ssl.key/mail.privustech.com.key ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n driver = static } verbose_ssl = yes protocol lda { deliver_log_format = msgid=%m: %$ mail_plugins = sieve postmaster_address = postmas...
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
...-openssl.c | 15 ++++++++++++++- 4 files changed, 18 insertions(+), 1 deletion(-) --- a/src/config/all-settings.c +++ b/src/config/all-settings.c @@ -308,6 +308,7 @@ struct master_service_ssl_settings { const char *ssl_cert_username_field; const char *ssl_crypto_device; const char *ssl_options; + const char *ssl_lowest_version; bool ssl_verify_client_cert; bool ssl_require_crl; --- a/src/lib-master/master-service-ssl-settings.c +++ b/src/lib-master/master-service-ssl-settings.c @@ -26,6 +26,7 @@ static const struct setting_define maste DEF(SET_STR, ssl_protocols), DEF(SET_STR,...
2020 Nov 15
1
no shared cipher openssl
...ciphers over client's. #ssl_prefer_server_ciphers = no # SSL crypto device to use, for valid values run "openssl engine" #ssl_crypto_device = # SSL extra options. Currently supported options are: # no_compression - Disable compression. # no_ticket - Disable SSL session tickets. #ssl_options = =========================== # openssl x509 -dates -in mydomain.com.crt notBefore=Nov 11 16:31:35 2020 GMT notAfter=Nov 11 16:31:35 2022 GMT -----BEGIN CERTIFICATE----- : =========================== # openssl pkey -in mydomain.com.key -----BEGIN PRIVATE KEY----- : Tha...
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:EC...
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a
2015 Dec 03
8
v2.2.20 release candidate released
...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date...
2015 Dec 03
8
v2.2.20 release candidate released
...org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date...
2017 Apr 27
2
confused with ssl settings and some error - need help
...oliman.pl> wrote: > > > > > > Hi, > > To default dovecot.conf file I added (based on found documentation): > > ssl = required > > disable_plaintext_auth = yes #change default 'no' to 'yes' > > ssl_prefer_server_ciphers = yes > > ssl_options = no_compression > > ssl_dh_parameters_length = 2048 > > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECDH...
2015 Dec 07
7
v2.2.20 released
...ases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date...
2015 Dec 07
7
v2.2.20 released
...ases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added postlogin_socket=path passdb extra field. This allows replacing the default service imap/pop3/managesieve {} settings for specific users (e.g. running their imap process via valgrind or strace). + doveadm fetch: Added date...
2019 Apr 11
2
auth-worker unknown user
...A-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS ssl_client_ca_dir = /etc/ssl/certs ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it ssl_min_protocol = TLSv1.2 ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd name = } userdb { args = scheme=ARGON2ID username_format=%u /etc/dovecot/users auth_verbose = yes driver = passwd-file name = } protocol lmtp { mail_plugins = sieve postmaster_address = foobar at example.com }...
2014 Dec 02
0
disabling certain ciphers
...only allow > ciphers with forward secrecy i *only* referred to "ssl_protocols" and not to ciphers that below are sane settings supporting older Outlooks only talking RC4/DES but prefer a specific order for other clients ssl_protocols = !SSLv2 !SSLv3 ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DH...
2015 Dec 05
0
v2.2.20 release candidate released
On 03.12.2015 14:51, Timo Sirainen wrote: > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz > http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig > > v2.2.20 probably will be released tomorrow or maybe during weekend. > > + ssl_options: Added support for no_ticket > Hello TImo, great to see that inseucre session tickets (violating PFS) can be disabled. Is it possible to configure the secure session caching mechanism? e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx Thnx. Ciao, Gerhard
2018 Jun 12
0
cant login to Dovecot
...rash { > special_use = \Trash > } > prefix = > } > passdb { > driver = pam > } > plugin { > sieve = file:~/sieve;active=~/.dovecot.sieve > } > ssl = no > ssl_cipher_list = > ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH > ssl_options = no_compression > ssl_prefer_server_ciphers = yes > userdb { > driver = passwd > } > > > - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWx/IGsQnQQNheMxiAQLZaQgAwqOE59dZoXqcBkYYmdgiej4glYRhjaSl kwZeY6aFHjoErXK9B2VmrL9atmcMWoI3cocoCzpk5lib5CDuAXd...
2018 Jun 13
0
can't login to Dovecot
...onment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = passdb { driver = pam } plugin { sieve = file:~/sieve;active=~/.dovecot.sieve } ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } ----------------------------------- looks like PAM is already configured. I CAN'T LOKIN USING PLAIN TEXT. HOW DO i TURN THIS OFF?? -- -- Best Regards, Walter Ulmke Ulmke Machine Tools, 48496 Hopsten, Germa...
2020 May 31
0
I can no longer use TLS for Windows7 and Outlook
.../etc/ssl/certs/ca-certificates.crt </div> <div> ssl_cert = </etc/ssl/example.com/fullchain.pem </div> <div> ssl_dh = # hidden, use -P to show it </div> <div> ssl_key = # hidden, use -P to show it </div> <div> ssl_options = no_compression no_ticket </div> <div> ssl_prefer_server_ciphers = yes </div> <div> <br> </div> <div> I have commented out ssl_cipher_list, ssl_min_protocol and others to </div> <div> get back to whatever...