search for: stapling

Hi all, About a year ago, Torsten already asked for OCSP stapling (http://dovecot.org/pipermail/dovecot/2015-April/100632.html). Unfortunately, there was no answer to his question. Now RFC 7633 ("TLS Feature Extension", https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed, revocation is getting serious! I personally would li...

...OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't hypothetical, guys.... OCSP status querying isn't the same as verifying stapled OCSP responses though. Can't find Thunderbird's support for stapling unfortunately..

Hi, For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension? If the TLS extension is supported, how does the admin configure the timestamp for each certificate? I?m wondering if any MUAs will follow Google?s lead and insist on CT. Thank you! -Felipe Gasper Mississauga, Ontario

...19:03 Felipe Gasper < felipe at felipegasper.com >> <mailto:felipe at felipegasper.com>> wrote: >> >> >> Hi, >> >> For CAs that do not include a signed certificate timestamp in their >> newly-issued certificates, does Dovecot support either OCSP stapling >> or the Certificate Transparency TLS extension? >> >> If the TLS extension is supported, how does the admin configure the >> timestamp for each certificate? >> >> I?m wondering if any MUAs will follow Google?s lead and insist on CT. >> >> Thank you!...

On 03-03-16 13:04, A. Schulze wrote: > > dovecot: > >> So I would like to know if Dovecot is planning to feature OCSP stapling. >> That way I know for sure my "must staple" certificates can be used by >> Dovecot. And in my opinion, every TLS offering daemon should be up to >> par to the capabilities of TLS.. Not lag behind :) >> >> What's your opinion on this matter? > > OC...

Op 3-3-2016 om 13:04 schreef A. Schulze: > > dovecot: > >> So I would like to know if Dovecot is planning to feature OCSP stapling. >> That way I know for sure my "must staple" certificates can be used by >> Dovecot. And in my opinion, every TLS offering daemon should be up to >> par to the capabilities of TLS.. Not lag behind :) >> >> What's your opinion on this matter? > > OC...

...r> </div> <div> <br> </div> <div> Hi, </div> <div> <br> </div> <div> For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension? </div> <div> <br> </div> <div> If the TLS extension is supported, how does the admin configure the timestamp for each certificate? </div> <div> <br> </div> <di...

dear R-help, i have looked carefully through the R-help archives for information on how to suppress whiskers in a bwplot. someone asked this question a while ago, but the answer he received is not available in the archives. but i did manage to get my hands on a panel function (called "my.panel") that is supposed to do this (the function is reproduced at the end of the email, below).

...wrote: >>> >>> I don't think OCSP is critical for free certificates suitable for >>> small businesses and personal sites. >>> >> this is philosophy; >> >> I'd say when you do it then do it good, else don't do it; > > Then OCSP stapling is the way to go but it could be a real PITA to > setup for the first time and may not be supported by older browsers > anyway. > not really, because the same server tells the client that the SSL certificate is good, as the SSL certificate itself; these must be independent; Walter

Hi, is there a plan to support TLS OCSP stapling in the near future? Regards Torsten -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://dovecot.org/pipermail/dovecot/attachments/20150426/c30801b6/attachm...

I''d like to make the following changes (differences are from R1.0.1): boxplot.default() 1c1 < function (x, ..., range = 1.5, width = NULL, varwidth = FALSE, --- > function (x, ..., range = 1.5, width = NULL, varwidth = FALSE, boxwex=0.8, 37c37,38 < bxp(groups, width, varwidth = varwidth, notch = notch, --- > bxp(groups, width, varwidth = varwidth,

Hi all, I don't see xorg-x11-libs-6.8.2-1.EL.13.37.7.i386.rpm in the CentOS4 x86_64 updates repo. It is listed in the security announcement: http://lists.centos.org/pipermail/centos-announce/2007-April/013658.html I see the 4 other i386 packages there: devel, deprecated-libs, Mesa-libGL, and Mesa-libGLU. Just the libs package is missing. -- Garrick Staples, GNU/Linux HPCC SysAdmin

On 17.06.2016 19:57, ????????? ???????? wrote: >>> Then OCSP stapling is the way to go but it could be a real PITA to >>> setup for the first time and may not be supported by older browsers >>> anyway. >>> >> not really, because the same server tells the client that the SSL >> certificate is good, as the SSL certificate itself...

How do people feel about eliminating the list serv in favor of the forum? Or limiting the list serv to news? I have one vendor I work with that has a knowledgebase, a forum, and two mailing lists - with much overlap of topics. It is truly enough to drive you totally crazy. I'm not suggesting anything. Just bringing it up. Geoff

library(nlme) data(Phenobarb) na.include <- function(x)x phe1 <- nlme(conc~phenoModel(Subject, time, dose, lCl, lV), data = Phenobarb, fixed = lCl+lV~1, random= pdDiag(lCl+lV~1), start = c(-5,0), na.action = na.include, naPattern = ~!is.na(conc)) phe.ranef <- ranef(phe1,augFrame=TRUE) plot(phe.ranef, form=lCl~Wt+ApgarInd) [Error in max(length(x0),

Hi, Has any one know how to skip ix86 packages from installation in Centos kickstart? Most of our machines have 64bit Intel/AMD CPUs, and it make non-sense to still keep 32bit compatibility. Even worse of i*86 packages is, when upgrade we have to recompile both ix86 version and x86_64 version to get an automatic yum upgrade. I know we could use 'exclude' option to exclude i*86 packages

We are unable to call certain 800 numbers through Teliax but I thought I would post this here and see if anyone else had the same problem with either Teliax or other carriers. The 800 numbers causing problems pick-up the call right away and are in the US - American Airlines (8004337300) and Staples (800-378-2753) - we can call many other 800 numbers just fine. Our asterisk setup has a 4-port

Hi. I've finally got Samba to serve up print drivers for the printers I serve. However, I'm not able to set the default driver options. This is what I'm doing (from a Win2k Pro box) Start->Run \\(samba server) open Printers folder right click printer, Properties Device Settings tab Configure e.g. default paper size Click OK Reopen Properties->Device Settings, and the old paper

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

>> Then OCSP stapling is the way to go but it could be a real PITA to >> setup for the first time and may not be supported by older browsers >> anyway. >> > not really, because the same server tells the client that the SSL > certificate is good, as the SSL certificate itself; > these must b...