Displaying 3 results from an estimated 3 matches for "ssl_proxy_ctx_use_certificate_chain".
2013 Sep 10
2
dovecot and PFS
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
...RSION);
+ else
+ i_fatal("TLS min version: '%s' is invalid. Only "
+ "'TLS1.0' and 'TLS1.1' is supported",
+ ssl_set->ssl_lowest_version);
+ }
+#endif
if (ctx->pri.cert != NULL && *ctx->pri.cert != '\0' &&
ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->pri.cert) != 1) {
i_fatal("Can't load ssl_cert: %s",
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
...pkey = ssl_proxy_load_key(set->ssl_key, password);
+ if (pkey != NULL &&
+ (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
+ (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
+ nid = EC_GROUP_get_curve_name(ecgrp);
+ EVP_PKEY_free(pkey);
+#endif
+ return nid;
+}
+
+static int
ssl_proxy_ctx_use_certificate_chain(SSL_CTX *ctx, const char *cert)
{
/* mostly just copy&pasted from SSL_CTX_use_certificate_chain_file() */
@@ -1209,7 +1282,6 @@
#endif
ssl_proxy_ctx_use_key(ctx->ctx, ssl_set);
- SSL_CTX_set_info_callback(ctx->ctx, ssl_info_callback);
if (ctx->verify_client_cert)
ssl_pro...