search for: tls1_1

...nt=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 And I also created the file /etc/systemd/system/cockpit.service.d/ssl.conf and added: [Service] Environment=G_TLS_GNUTLS_PRIORITY=-VERS-ALL:+VERS-TLS1.2 after that, I systemctl restart cockpit But if I do #openssl s_client -connect localhost:9090 -tls1_1 I get a proper response (a certificate), so TLS 1.1 is being accepted. Suggestions? Thanks. -- --------------------- Erick Perez ---------------------

...l_key =? < /etc/dovecot/ssl/imap.mail.test.domain.com.key } doveconf -n: local_name imap.mail.test.domain.com { ? ssl_cert = </etc/dovecot/ssl/imap.mail.test.domain.com.pem ? ssl_key =? # hidden, use -P to show it } Now I test like: openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1 and dovecot show me default server cert (digicert) but not dedicated from letsencrypt In DNS domain imap.mail.test.domain.com is not match *.domain.com Any idea ?

...c 27 16:23:21 cockpit.localdomain cockpit-ws[3573]: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert Dec 27 16:23:30 cockpit.localdomain cockpit-ws[3573]: received invalid HTTP request line [root at cockpit ~]# [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher : ECDHE-RSA-AES256-SHA On Fri, Dec 27, 2019 at 10:09 AM Randal, Phil <phil.randal at hoopleltd.co.uk> wrote: > > Oops, excuse my typo > > Create /etc/sy...

...Environment=G_TLS_GNUTLS_PRIORITY=SECURE192:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2 And my last one: Environment=G_TLS_GNUTLS_PRIORITY=NONE:+SECURE128:-VERS-ALL:-SHA384:-SHA256 systemctl daemon-reload systemctl restart cockpit [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Protocol : TLSv1.1 Cipher : ECDHE-RSA-AES256-SHA [root at cockpit ~]# echo test | openssl s_client -connect localhost:9090 -tls1_2 2>&1 | grep -e Protocol -e Cipher New, TLSv1/SSLv3, Ciphe...

Hi! I'm trying to get information about a server certificate from a pigeonhole sieve server. Various connection attempts show only "wrong version number" or "unknown protocol" errors from openssl: $ openssl s_client -connect example.com:4190 { -tls1, -tls1_1, -tls1_2 } [ -starttls { imap, pop3 } ] None of these work. I'm trying to see who signed the server cert. How could I do this? Thanks, Daniel -- L?VAI D?niel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F

...e /etc/systemd/system/cockpit.service.d/ssl.conf containing [Service] Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 Then systemctl daemon-reload systemctl restart cockpit To verify that TLS 1.1 is disabled, echo test | openssl s_client -connect localhost:9090 -tls1_1 2>&1 | grep -e Protocol -e Cipher The expected result is: New, (NONE), Cipher is (NONE) Protocol : TLSv1.1 Cipher : 0000 Cheers, Phil -----Original Message----- From: Randal, Phil Sent: 27 December 2019 15:04 To: 'CentOS mailing list' <centos at centos.org> Sub...

...o Dovecot. Dovecot logged: ?? SSL routines:tls_early_post_process_client_hello:unsupported protocol and TCP/IP traces showed that it dropped the connection after the client's initial HELLO.? I tested what kinds of connections Dovecot would accept with (for example): ??? openssl s_client -tls1_1 -connect localhost:993?? # Test whether TLSv1.1 is accepted - received "unsupported protocol" message. Searching showed that Dovecot has a parameter "ssl_min_protocol", which is documented as defaulting to TLSv1.? Nevertheless I explicitly set it to TLSv1 with no effect.? Th...

...rus-imapd/tls.crt/server-chain-sslca.crt tls_cipher_list: EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES:!SSLv2:+SSLv3:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP tls_prefer_server_ciphers: 1 tls_versions: tls1_0 tls1_1 tls1_2 Walter

Thanks Michael I will check with the free cert lets encrypt to test it. Remo > Il giorno 7 set 2019, alle ore 02:09, Michael Hallager via dovecot <dovecot at dovecot.org> ha scritto: > > ?On 2019-09-07 12:25, remo--- via dovecot wrote: >> What is the best way to adopt multiple certs? >> Thanks. > > /etc/dovecot/conf.d/10-ssl.conf > > Primary SSL

...rus-imapd/tls.crt/server-chain-sslca.crt tls_cipher_list: EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:3DES:!SSLv2:+SSLv3:!RC4:!MD5:!IDEA:!SEED:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP tls_prefer_server_ciphers: 1 tls_versions: tls1_0 tls1_1 tls1_2 Walter ------------------------------ Subject: Digest Footer _______________________________________________ CentOS mailing list CentOS at centos.org https://clicktime.symantec.com/a/1/GaRh-9mT7pT2BGk25Szya6j4lyfBTXokdCA6hocGAkM=?d=jdUOEa0ursy6vviA72Wp9CQyzmNZP0ZhevOrPVBV93kfSdUe78C...