search for: tls1.0

Sure did! I am even playing with different options (including NONE) and it seems to ignore the contents of ssl.conf I have tried Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA Environment=G_TLS_GNUTLS_PRIORITY=PFS

On Fri, 25 Mar 2016 16:50, Eero Volotinen wrote: > > Stop paranoia? Tlsv1.0 is not recommended when storing credit card data. > > Eero > Hi List, > > Does anyone know why the above URL is still using TLS V1.0. > > I can't connect to it unless I enable TLS V1.0 which I was under the > impression that it should not be used > anymore. > > Thanks for any

Thanks, Randal for the response. But it did not work. Here the results: #yum info cockpit Name : cockpit Arch : x86_64 Version : 195.1 Release : 1.el7.centos.0.1 Size : 51 k Repo : installed >From repo : extras Summary : Web Console for Linux servers URL : https://cockpit-project.org/ License : LGPLv2+ [root at cockpit ~]# cat

On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >> DEF(SET_STR, ssl_protocols), >> DEF(SET_STR, ssl_cert_username_field), >> DEF(SET_STR, ssl_crypto_device), >> + DEF(SET_STR, ssl_lowest_version), > >Does it really require a new setting? Couldn't it use the existing >ssl_protocols setting? You need to set a minimal version.

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

On 25.03.2016 17:29, Eero Volotinen wrote: >> @Eero: IMHO you are missing some points here. There are more and more >> browsers that are unable to use SSL{2,3} as well as TLS1.0, not just >> disabled via config, but this decission was made at compile time. >> Newer Android and Apple-iOS devices for example. >> >> > This is not true. it works fine with latest

Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. Due to a suggestion from management, they want TLS 1.1 disabled system-wide in all Linux boxes and TLS 1.2 enabled. I have not found proper documentation on how to disable it for cockpit (version 195.1 ships with Centos 7) So far I have tried (https://cockpit-project.org/guide/149/https.html):

Hello, I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only. Is this possible with dovecot-2.2.36 / how to setup this? Thanks for suggestions, Andreas

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

Hi there! I have been setuped exim and dovecot. Exim uses dovecot-lda to deliver mails to mailbox. Some configurations of exim: dovecot_virtual_delivery: ? driver = pipe ? command = /usr/libexec/dovecot/dovecot-lda -d $local_part@$domain -f $sender_address ? message_prefix = ? message_suffix = ? delivery_date_add ? envelope_to_add ? return_path_add ? log_output ? user = vmail ? group = vmail ?

> @Eero: IMHO you are missing some points here. There are more and more > browsers that are unable to use SSL{2,3} as well as TLS1.0, not just > disabled via config, but this decission was made at compile time. > Newer Android and Apple-iOS devices for example. > > This is not true. it works fine with latest android and ios. I just tested it. > And the point is not that the

Oops, excuse my typo Create /etc/systemd/system/cockpit.service.d/ssl.conf containing [Service] Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 Then systemctl daemon-reload systemctl restart cockpit To verify that TLS 1.1 is disabled, echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher The expected result is:

On Wed, 14 Nov 2018, Aki Tuomi wrote: >> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So >> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >> enable TLS1.2 and TLS1.3 only. >> >> Is this possible with dovecot-2.2.36 / how to setup this? > > Not possible I'm afraid. ("Not possible" = challenge!)

Hi List, Does anyone know why the above URL is still using TLS V1.0. I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore. Thanks for any enlightenment. Steve --

On 01.10.2019 14:06, Rowland penny via samba wrote: > On 01/10/2019 12:51, Arkadiusz Karpi?ski wrote: >> >> On 30.09.2019 20:03, Rowland penny via samba wrote: >>> On 30/09/2019 18:06, akarpinski wrote: >>>> Samba version is 4.10.7 >>>> >>>> smb.conf: >>>> >>>> # Global parameters >>>> [global]

On 04/17/2015 11:20 PM, Eero Volotinen wrote: > Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 > and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" > solution. Perhaps re-evaluate the need to have TLS 1.1 and 1.2 right now. The only attack against 1.0 that I'm aware of is BEAST and that has been largely mitigated by

On Dec 27, 2019, at 16:28, Erick Perez - Quadrian Enterprises <eperez at quadrianweb.com> wrote: > > [root at cockpit ~]# cat /etc/systemd/system/cockpit.service.d/ssl.conf > Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 > > [root at cockpit ~]# > [root at cockpit ~]# systemctl start cockpit > [root at cockpit ~]# systemctl status

On 26 Aug 2017, at 19.47, Sebastian Andrzej Siewior <sebastian at breakpoint.cc> wrote: > > The openssl library in Debian unstable (targeting Buster) supports > TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. > If the admin decides to also support TLS1.[01] users he can then enable > the lower protocol version in case the users can't update their

On 2017-08-27 13:46, Sebastian Andrzej Siewior wrote: > On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >>> DEF(SET_STR, ssl_protocols), >>> DEF(SET_STR, ssl_cert_username_field), >>> DEF(SET_STR, ssl_crypto_device), >>> + DEF(SET_STR, ssl_lowest_version), >> Does it really require a new setting? Couldn't it use the

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 14 November 2018 at 21:19 "A. Schulze" < <a href="mailto:sca@andreasschulze.de">sca@andreasschulze.de</a>> wrote: </div>