search for: ssllab

...DH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" </IfModule> https://www.ssllabs.com/ssltest/analyze.html?d=www.hogarthuk.com IIRC the Red Hat defaults are somewhat conservative on their limitations in order to simplify and maximise client connectivity - as some stuff (especially java apps or older mobile devices) tend to struggle otherwise with only a strict set of secure ci...

For what it's worth, this gives the server an A: https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech. com So there is no problem with the certificates and key... Thanks again. On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote: > So it's something else.? -------------- next part -------------- An HTML attachment was scrubbed... URL: <h...

...ot;, tempfile()) : cannot open URL 'https://www.r-project.org' In addition: Warning message: In download.file("https://www.r-project.org", tempfile()) : URL 'https://www.r-project.org': status was 'SSL peer certificate or SSH remote key was not OK' https://www.ssllabs.com/ssltest says: COMODO RSA Certification Authority Fingerprint SHA256: 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 minutes ago) EXPIRED AFAICT this i...

Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail ( if no ECDHE is possible ,by missing openssl 1.x etc, seems that apple mail tries ECDHE first if fails its going to use RSA-AES128-SHA ) force soltution as tried ssl_cipher_list =

...age: > > > > In download.file("https://www.r-project.org", tempfile()) : > > > > URL 'https://www.r-project.org': status was 'SSL peer certificate or > > > > SSH remote key was not OK' > > > > > > > > https://www.ssllabs.com/ssltest says: > > > > > > > > COMODO RSA Certification Authority > > > > Fingerprint SHA256: > > > > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da > > > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= &gt...

Hello, I've seen this issue before, running a imap/smtp/database server on localhost and adding in a webmail interface, in this case Roundcube. In my maillog I'm seeing accessive Dovecot connections and logouts just from my own transaction of logging in, going to compose a message, sending, and logging out. I'm using Mysql as database backend and was wondering if there was something

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:

Am 07.02.2015 um 10:10 schrieb SW: > I've just done a test with K9 mail on Android 4.4.2 and this is what I > see in the log: > > ECDHE-ECDSA-AES128-SHA (128/128 bits) > > But when using Thunderbird I see: > > ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) > > I'm happy that Thunderbird is using a secure cipher but is Android? Is > ECDHE-ECDSA-AES128-SHA

...This results in the following C-Code being executed: SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); This setting tells OpenSSL not to honor the Ciper Order sent from the client, but prefer it's own configured set of CipherSuites. According to Qualis SSL Labs ( https://www.ssllabs.com/ssldb/index.html ), a webserver configured with this setting is not affected by that BEAST security leak. Is there a way to implement such a setting into Dovecot, too? I have created a very quick and dirty solution to avoid being listed on our internal security problem's list. This patch...

...oject.org' > > In addition: Warning message: > > In download.file("https://www.r-project.org", tempfile()) : > > URL 'https://www.r-project.org': status was 'SSL peer certificate or > > SSH remote key was not OK' > > > > https://www.ssllabs.com/ssltest says: > > > > COMODO RSA Certification Authority > > Fingerprint SHA256: > > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da > > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > > Valid untilSat, 30 May 2020 10:48:38 UTC (e...

...-hardening >> >> Although I believe that FIPS mode is also available in 7 > > That?s FIPS 140-2, a standard from 2001, which is three TLS standards ago. If I look at the comparison table from the link above FIPS mode does not look that bad. I guess that I would get A rating from ssllabs. > > FIPS 140-3 just barely became effective a few weeks ago, which means it won?t be considered for inclusion in RHEL until 9, which I don?t expect to appear until 3-4 years from now, by which time FIPS 140-2 will be around 21 years old. > > So, we not only have a situation where a...

...tc/letsencrypt/live/sd-41893.dedibox.fr/fullchain.pem --8<------------------------------------------------ After restarting Apache, the website shows up correctly. https://sd-41893.dedibox.fr/ But when I test it using Qualys SSL Labs Server Test, the results are a disappointment. https://www.ssllabs.com/ssltest/ The site is rated "C", with the following remarks: * This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C." "This server accepts RC4 cipher, but only with older protocols. Grade capped to B." "The s...

when i click on my bugzilla link, https://bugzilla.mindrot.org/show_bug.cgi?id=2651 i get this message from firefox: ``` bugzilla.mindrot.org uses an invalid security certificate. The certificate expired on January 3, 2017 at 12:12. The current time is January 3, 2017 at 14:36. Error code: SEC_ERROR_EXPIRED_CERTIFICATE '''

...GCM(128) > Mac=AEAD > ......... > SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression off Then use cipher suite to your liking. Modern, Intermediate, Old, from... https://wiki.mozilla.org/Security/Server_Side_TLS#Apache Test via... https://www.ssllabs.com/ssltest/

...aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES > !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" > > <IfModule mod_headers.c> > Header always set Strict-Transport-Security "max-age=15768000; > includeSubDomains; preload" > </IfModule> > > https://www.ssllabs.com/ssltest/analyze.html?d=www.hogarthuk.com > > IIRC the Red Hat defaults are somewhat conservative on their > limitations in order to simplify and maximise client connectivity - as > some stuff (especially java apps or older mobile devices) tend to > struggle otherwise with only...

...of your client and > server and choose one, but be warned that if you ask two analyst, you > might not get the same answer which is "best" as this dependes on the > kind of threats you want to take care of > > > Oliver > Thanks Oliver. I had a look at: https://www.ssllabs.com/ssltest/viewClient.html?name=Android&version=4.4.2 And Android 4.4.2 does support: ECDHE-ECDSA-AES128-GCM-SHA256 So why then does K9 not connect using GCM? Could K9 mail not support this cipher? If Android supports it does this mean that K9 mail will support it too? Just trying to figu...

...s -v {cipher-specs} | grep DHE If the OP wants preferentially use PFS ciphers (but keep the other ciphers around for very old browsers), maybe something like ssl_cipher_list = ECDH:ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_prefer_server_ciphers = yes > finally you could use the service provided by ssllabs.com to scan your host. I second this recommendation, if you can work out the port issue. Maybe using a ncat | ncat pipe. Joseph Tam <jtam.home at gmail.com>

...rts that checked out fine, correct < in dovcot config but didn't load. chmod 644 /etc/ssl/certs/dovecot.cert /etc/ssl/private/dovecot.key fixed the problem regards, Tim On 16/12/2018 14:33, C. Andrews Lavarre wrote: > For what it's worth, this gives the server an A: > https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech.com > > So there is no problem with the certificates and key... > > Thanks again. > > On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote: >> So it's something else. -------------- next part -------------- An HTML att...

...e the example below. Is this possible with samba?   Anyone who can point me to the right direction?   I did google .. and i getting only old/very old results.  :-((   Also, very offtopic, but very usefull..  A few sites also you can check with.   https://www.htbridge.com/ssl/ https://ssllabs.com https://tls.imirhil.fr https://securityheaders.io/ http://emailsecuritygrader.com/   cli tool, very handy. https://testssl.sh/   https://cipherli.st/  from this site an improved apache (2.4.17+ )  line there. SSLCipherSuite "ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-PO...

...pen URL 'https://www.r-project.org' > In addition: Warning message: > In download.file("https://www.r-project.org", tempfile()) : > URL 'https://www.r-project.org': status was 'SSL peer certificate or > SSH remote key was not OK' > > https://www.ssllabs.com/ssltest says: > > COMODO RSA Certification Authority > Fingerprint SHA256: > 4f32d5dc00f715250abcc486511e37f501a899deb3bf7ea8adbbd3aef1c412da > Pin SHA256: grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME= > Valid untilSat, 30 May 2020 10:48:38 UTC (expired 8 hours and 51 > mi...