Displaying 20 results from an estimated 941 matches for "sslv3".
2005 Jul 24
2
ssl_cipher_list
...s to be changed to
"ALL:!LOW" (just upercased in this case). IMO, this would be helpful
because executing
openssl ciphers -v 'all:!low'
would not return any cipher, but
openssl ciphers -v 'ALL:!LOW'
would return the expected cipher list such as
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH...
2019 Sep 04
4
TLS not working with iOS beta?
...bug: SSL: where=0x10, ret=1: before/accept initialization
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A
Sep 04 19:57:58 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A
Sep 04 19:58:01 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A
Sep 04 19:58:01...
2015 Mar 15
2
Dovecot 2.1.7 still accepting SSLv3 though disabled?
...My configuration is as follows:
$ dovecot -n | grep ssl
service imap-login {
ssl = yes
...
}
ssl_cert = <......
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_key = <......
ssl_protocols = !SSLv3 !SSLv2
This cipherstring has been taken from
https://bettercrypto.org/static/applied-crypto-hardening.pdf. But this
is not the p...
2002 May 17
3
samba + openldap + tls
...failed errno=11 (Resource temporarily unavailable)
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finishe...
2017 Nov 25
0
Upgrade to 2.2.32 from 2.2.15 failed
No, is that something that would make a difference between 2.2.15 and 2.2.32?
--Mark
On Fri, 24 Nov 2017 21:37:47 -0800 Gary <lists at lazygranch.com> wrote:
> Out of curiosity, do you do a !SSLv3 in the conf file?
>
>
> ? Original Message ?
>> From: mfoley at ohprs.org
>> Sent: November 24, 2017 9:04 PM
>> To: dovecot at dovecot.org
>> Subject: Upgrade to 2.2.32 from 2.2.15 failed
>>
>> I have a problem. I have been running Dovecot 2.2.15 and I&...
2019 Sep 08
3
TLS not working with iOS beta?
...SSL: where=0x2001, ret=1: before/accept initialization
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A
SeSep 08 11:25:47 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A
SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A
Sep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A
SSep 08 11:25:47 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A
Sep 08 11:25:4...
2014 Oct 14
2
Disabling SSLv3 protocol
Since people are now talking about the SSLv3 security hole and how to disable it, here's a thread where you can talk about that. In Dovecot v2.1+ you can disable SSLv3 by setting:
ssl_protocols = !SSLv2 !SSLv3
In older versions you'd have to patch the source code. Attached a patch against v2.0.
I don't know if there are any cl...
2015 Jan 26
3
Apache and SSLv3
Hi list,
I'm configuring apache with https and I've a question about sslv3
deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128)
Mac=AEAD
.........
Each lines report relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can us...
2015 Jan 05
2
'ssl_cipher_list' setting
Hi, I am Yoshi, Japanese.
I used
FreeBSD 10.1
Dovecot 2.2.15
I want pop3s, so I made
/usr/local/etc/dovecot/local.conf
ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
It's work fine.
But, change
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:!RC4
( SSLV3 -> SSLv3 )
I did trouble.
/var/log/maillog
Jan 6 05:41:53 example dovecot: pop3-login: Disconnected (no auth attempts in 0
secs): use...
2018 Jul 29
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
Hello,
I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
In: 10-ssl.conf there are two parameters:
ssl_protocols
ssl_cipher_list
ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?.
If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in
ssl_cipher_list do the same thing ?
So is:
ssl_cipher_list = !SSLv3
?equivalent to:
ssl_protocols = !SSLv3
ssl_cipher_list = !SSLv3
Thanks,
- J
2017 Jul 12
0
Cannot Authenticate user with Kerberos/GSSAPI
...itialization [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1...
2015 Jun 03
1
Misleading SSL/TLS Log Messages
Hi all,
I think I've found a small bug in how Dovecot logs SSL/TLS info. Basically,
if I connect to the server using TLS, the logs have a lot of entries saying
I used SSLv3 (which is not allowed). Here's my system info:
OSX Yosemite (x86_64, HFS+)
Dovecot 2.2.15 (via Homebrew)
OpenSSL 0.9.8zd
The configuration (see below) disallows SSLv3, and if I try and connect
with OpenSSL to test that ("openssl s_client -connect localhost:993 -ssl3")
it fails as ex...
2017 Jul 11
0
stopped being able to kerberos/GSSAPI authenticate with new email accounts
...itialization [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57]
Jul 11 18:08:25 imap-login: Debug: SSL: where=0x2001, ret=1...
2014 Jul 23
1
SSL certificate problem (SSL alert number 42)
...ecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [10.x.x.x]
Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [10.x.x.x]
Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [10.x.x.x]
Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [10.x.x.x]
Jul 23 11:01:26 mailserver dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [10.x.x.x]
Jul 23 11:01:26 mailserver...
2011 Jun 13
1
SSL comunication problems with client side.
...t: imap-login: Warning: SSL:
where=0x10, ret=1: before/accept initialization [192.168.0.11]
Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL:
where=0x2001, ret=1: before/accept initialization [192.168.0.11]
Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL:
where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11]
Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL:
where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11]
Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL:
where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11]
Jun 13 13:26:42 c...
2017 Nov 25
3
Upgrade to 2.2.32 from 2.2.15 failed
...tion completed
4 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [174.233.134.88]
5 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [174.233.134.88]
6 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [174.233.134.88]
7 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [174.233.134.88]
8 Nov 24 19:23:02 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [174.233.134.88]
9 Nov 24 19:23:02 imap-login: Debug: SSL: w...
2015 Apr 28
1
Disable weak ciphers in vnc_tls
Dear libvirt team,
we a currently in a pci-dss certification process and our security
scanner found weak ciphers in the vlc_tls service on our centos6 box:
When I scan using sslscan I can see that sslv3 and rc4 is accepted:
inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128 bits DHE-RSA-AES128-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits RC4-SH...
2017 Jul 11
1
Unable to Kerberos/GSSAPI an existing user on new workstation
...itialization [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.57]
Jul 11 19:29:46 imap-login: Debug: SSL: where=0x2001, ret=1...
2018 Jul 30
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
...LS settings for Dovecot version 2.2.22.
>> In: 10-ssl.conf there are two parameters:
>> ssl_protocols
>> ssl_cipher_list
>> ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?.
>> If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in
>> ssl_cipher_list do the same thing ?
>> So is:
>> ssl_cipher_list = !SSLv3
>> ?equivalent to:
>> ssl_protocols = !SSLv3
>> ssl_cipher_list = !SSLv3
>
>
> No...
2015 Mar 15
0
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Thomas Preissler:
> ssl_protocols = !SSLv3 !SSLv2
that disable SSLv3
> When I enable verbose_ssl I get this:
> 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 flush data [$CLIENTIP]
> ...
> Is this right? Is SSLv3 used on this connection?
The logging is right, but SSLv3 isn't used.
T...