search for: sslv3

...s to be changed to "ALL:!LOW" (just upercased in this case). IMO, this would be helpful because executing openssl ciphers -v 'all:!low' would not return any cipher, but openssl ciphers -v 'ALL:!LOW' would return the expected cipher list such as ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ADH-AES128-SHA SSLv3 Kx=DH...

...bug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A Sep 04 19:58:01...

...My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA ssl_key = <...... ssl_protocols = !SSLv3 !SSLv2 This cipherstring has been taken from https://bettercrypto.org/static/applied-crypto-hardening.pdf. But this is not the p...

...failed errno=11 (Resource temporarily unavailable) send_ldap_extended 0: (0) send_ldap_response: msgid=1 tag=120 err=0 ber_flush: 14 bytes to sd 9 connection_get(9): got connid=0 connection_read(9): checking for input on id=0 TLS trace: SSL_accept:before/accept initialization TLS trace: SSL_accept:SSLv3 read client hello A TLS trace: SSL_accept:SSLv3 write server hello A TLS trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3 write server done A TLS trace: SSL_accept:SSLv3 flush data TLS trace: SSL_accept:SSLv3 read client key exchange A TLS trace: SSL_accept:SSLv3 read finishe...

No, is that something that would make a difference between 2.2.15 and 2.2.32? --Mark On Fri, 24 Nov 2017 21:37:47 -0800 Gary <lists at lazygranch.com> wrote: > Out of curiosity, do you do a !SSLv3 in the conf file? > > > ? Original Message ? >> From: mfoley at ohprs.org >> Sent: November 24, 2017 9:04 PM >> To: dovecot at dovecot.org >> Subject: Upgrade to 2.2.32 from 2.2.15 failed >> >> I have a problem. I have been running Dovecot 2.2.15 and I&...

...SSL: where=0x2001, ret=1: before/accept initialization Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A SeSep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A Sep 08 11:25:4...

Since people are now talking about the SSLv3 security hole and how to disable it, here's a thread where you can talk about that. In Dovecot v2.1+ you can disable SSLv3 by setting: ssl_protocols = !SSLv2 !SSLv3 In older versions you'd have to patch the source code. Attached a patch against v2.0. I don't know if there are any cl...

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can us...

Hi, I am Yoshi, Japanese. I used FreeBSD 10.1 Dovecot 2.2.15 I want pop3s, so I made /usr/local/etc/dovecot/local.conf ssl = yes ssl_cert = </usr/local/etc/dovecot/server.pem ssl_key = </usr/local/etc/dovecot/server.key ssl_ca = </usr/local/etc/dovecot/ca.pem ssl_protocols = !SSLv2 !SSLv3 ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4 It's work fine. But, change ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4 ( SSLV3 -> SSLv3 ) I did trouble. /var/log/maillog Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): use...

Hello, I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. In: 10-ssl.conf there are two parameters: ssl_protocols ssl_cipher_list ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?. If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in ssl_cipher_list do the same thing ? So is: ssl_cipher_list = !SSLv3 ?equivalent to: ssl_protocols = !SSLv3 ssl_cipher_list = !SSLv3 Thanks, - J

...itialization [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1...

Hi all, I think I've found a small bug in how Dovecot logs SSL/TLS info. Basically, if I connect to the server using TLS, the logs have a lot of entries saying I used SSLv3 (which is not allowed). Here's my system info: OSX Yosemite (x86_64, HFS+) Dovecot 2.2.15 (via Homebrew) OpenSSL 0.9.8zd The configuration (see below) disallows SSLv3, and if I try and connect with OpenSSL to test that ("openssl s_client -connect localhost:993 -ssl3") it fails as ex...

...itialization [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57] Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1...

...ecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [10.x.x.x] Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [10.x.x.x] Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [10.x.x.x] Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [10.x.x.x] Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [10.x.x.x] Jul 23 11:01:26 mailserver...

...t: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] Jun 13 13:26:42 c...

...tion completed 4 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [174.233.134.88] 5 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [174.233.134.88] 6 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [174.233.134.88] 7 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [174.233.134.88] 8 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [174.233.134.88] 9 Nov 24 19:23:02 imap-login: Debug: SSL: w...

Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128 bits DHE-RSA-AES128-SHA Accepted SSLv3 128 bits AES128-SHA Accepted SSLv3 128 bits RC4-SH...

...itialization [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57] Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1...

...LS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?. >> If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in >> ssl_cipher_list do the same thing ? >> So is: >> ssl_cipher_list = !SSLv3 >> ?equivalent to: >> ssl_protocols = !SSLv3 >> ssl_cipher_list = !SSLv3 > > > No...

Thomas Preissler: > ssl_protocols = !SSLv3 !SSLv2 that disable SSLv3 > When I enable verbose_ssl I get this: > 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, > ret=1: SSLv3 flush data [$CLIENTIP] > ... > Is this right? Is SSLv3 used on this connection? The logging is right, but SSLv3 isn't used. T...