Displaying 5 results from an estimated 5 matches for "ssl_sect".
Did you mean:
ssl_cert
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
....3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
, atm on Fedora32.
I configure
/etc/pki/tls/openssl.cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:...
2020 Oct 16
2
Dovecot won't accept IMAP TLS 1 connections from older devices [SOLVED]
...buntu, at least) /usr/lib/ssl/openssl.cnf.?
The change consists of adding a line of code in the initial section that
invokes several new sections later:
In the initial section I added:
??? openssl_conf = default_conf
Then at the bottom of the file I added:
??? [default_conf]
??? ssl_conf = ssl_sect
??? [ssl_sect]
??? system_default = system_default_sect
??? [system_default_sect]
??? MinProtocol = TLSv1
??? CipherString = DEFAULT at SECLEVEL=1
There is an alternative approach that I have read of but not tested.?
Basically you can create a new file elsewhere with the customized
conten...
2020 Sep 22
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...;
> , atm on Fedora32.
>
> I configure
>
> /etc/pki/tls/openssl.cnf
>
> to set preferences for apps' usage, e.g. Postfix etc; Typically, here
>
> cat /etc/pki/tls/openssl.cnf
>
> openssl_conf = default_conf
>
> [default_conf]
> ssl_conf = ssl_sect
>
> [ssl_sect]
> system_default = system_default_sect
>
> [system_default_sect]
> MinProtocol = TLSv1.2
> Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
> CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20...
2020 Sep 22
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...>
> > /etc/pki/tls/openssl.cnf
> >
> > to set preferences for apps' usage, e.g. Postfix etc; Typically, here
> >
> > cat /etc/pki/tls/openssl.cnf
> >
> > openssl_conf = default_conf
> >
> > [default_conf]
> > ssl_conf = ssl_sect
> >
> > [ssl_sect]
> > system_default = system_default_sect
> >
> > [system_default_sect]
> > MinProtocol = TLSv1.2
> > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
> > CipherString = ECDHE-EC...
2020 Sep 23
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote:
>
>
> On 9/22/20 10:51 AM, Aki Tuomi wrote:
> >>>
> >
> > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue.
>
> I've NO issue with that config/setting with any _other_ app -- whether in general