search for: testssl

Hello. I've just tested my system that runs dovecot 2.3.4.1 on debian buster with testssl.sh (https://testssl.sh/) and is says: Secure Renegotiation (CVE-2009-3555) not vulnerable (OK) Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential DoS threat Is this a configuration or a compilation issue and how to solve it? -- sergio.

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

...t work imtest (cyrus test suit) ssl_protocols = !SSLv2 !SSLv3 # Prefer the server's order of ciphers over client's # Only available on dovecot 2.2.6 and later:: ssl_prefer_server_ciphers = yes # Only available on dovecot 2.2.7 and later:: ssl_dh_parameters_length = 2048 Work fine, but only testssl.sh scanner generate small warning "Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat" openssl s_client -connect $host:993 -ssl2(3) and openssl s_client -connect $host:143 -starttls imap -showcerts -state -crlf -ssl2(3) break connection

...n the "binding" user, : account is trusted and cant not be delegated? Password can be changed and never expire need to be ticked also. Whats set on the Pfsence server in ldap.conf ? Is BASE and URI defined? As far i can tell, you certificate setup of fine. If your not sure, goto : testssl.sh (yes that is a website ) Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Shmerykowsky via samba > Verzonden: dinsdag 15 september 2020 22:57 > Aan: Rowland penny > CC: samba at lists.samba.org > O...

...g only old/very old results.  :-((   Also, very offtopic, but very usefull..  A few sites also you can check with.   https://www.htbridge.com/ssl/ https://ssllabs.com https://tls.imirhil.fr https://securityheaders.io/ http://emailsecuritygrader.com/   cli tool, very handy. https://testssl.sh/   https://cipherli.st/  from this site an improved apache (2.4.17+ )  line there. SSLCipherSuite "ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AE...

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours

Hi, I have searched and not found waht tls versions are supported with samba 4.4.5 as AD. IS tls 1.2 supported with samba 4.4? If not what version? Thanks

On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3

...count is trusted and cant not be delegated? > Password can be changed and never expire need to be ticked also. > > Whats set on the Pfsence server in ldap.conf ? > Is BASE and URI defined? > > > As far i can tell, you certificate setup of fine. > If your not sure, goto : testssl.sh (yes that is a website ) > > > Greetz, > > Louis > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Marco Shmerykowsky via samba >> Verzonden: dinsdag 15 september 2020 22:57 >> Aan: Rowland...

> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > Am 29.07.2018 um 21:02 schrieb J Doe: >> Hello, >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to

On 2020-09-15 1:13 pm, miguel medalha wrote: >> I've tried restarting PHP-FPM and webconfigurator, >> but that doesn't seem to solve the problem. > > This must be done each time after you edit the configuration using the > LDAP > authentication setup page. Otherwise the changes won't stick. Before I > knew > this, I did suffer a lot trying to make it