Displaying 14 results from an estimated 14 matches for "tls_chacha20_poly1305_sha256".
2020 Sep 24
3
dovecot TLS 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
...ssl.
SSL_CTX_set_ciphersuites() is used to configure the available TLSv1.3 ciphersuites for ctx. This is a simple colon
(":") separated list of TLSv1.3 ciphersuite names in order of preference. Valid TLSv1.3 ciphersuite names are:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256
An empty list is permissible. The default value for this setting is:
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
SSL_set_ciphersuites() is the same as SSL_CTX_set_ciphersuites() except it con...
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-...
2020 Oct 01
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
hi,
On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote:
> I had the same problem when migrating from Dovecot V2.2.36 on Centos-7 to Dovecot v2.3.8 on Centos-8
My report is specifically/solely about the addition/use of the
Options = ServerPreference
parameter.
I don't see that in your configuration.
Are you using it? In a config using Dovecot's submission proxy?
2020 Oct 01
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...tc/crypto-policies/back-ends/opensslcnf.config*
And /etc/crypto-policies/back-ends/opensslcnf.config :
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
MinProtocol = *TLSv1.1*
MaxProtocol = TLSv1.3
Regards
On Thu, Oct 1, 2020 at 17:29, PGNet Dev <pgnet.dev at gmail.com> wrote:
> hi,
>
> On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote:
> > I had the same problem when migrating f...
2020 Sep 26
2
managesieve script 'redirect' fails @ "Error: sieve: ... aborted due to temporary failure; Error: smtp-server: ... failed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"; direct send OK ?
...ix/postfix.log <==
Sep 26 16:00:33 mx postfix/submit-from-dovecot-proxy/smtpd[7179]: connect from internal.mx.example.com[10.0.1.17]
Sep 26 16:00:33 mx postfix/submit-from-dovecot-proxy/smtpd[7179]: Trusted TLS connection established from internal.mx.example.com[10.0.1.17]: TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384
Sep 26 16:00:33 mx postfix/submit-from-dovecot-proxy/smtpd[7179]: 4BzPQ95QwwzWf9g: client=internal.mx.example.com[10.0.1.17]
Sep 26 16:00:33 mx postfix/qmgr[6...
2020 Sep 22
0
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...ly, here
>
> cat /etc/pki/tls/openssl.cnf
>
> openssl_conf = default_conf
>
> [default_conf]
> ssl_conf = ssl_sect
>
> [ssl_sect]
> system_default = system_default_sect
>
> [system_default_sect]
> MinProtocol = TLSv1.2
> Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
> CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE...
2019 Feb 24
0
permission denied errors with INDEX=MEMORY and trees plugin
...inet_listener pop3s {
port = 0
}
}
service quota-warning {
executable = script /usr/lib/dovecot/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
ssl = required
ssl_cert = </etc/acme/fullchain.cer
ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_ser...
2020 Sep 22
3
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
...> > openssl_conf = default_conf
> >
> > [default_conf]
> > ssl_conf = ssl_sect
> >
> > [ssl_sect]
> > system_default = system_default_sect
> >
> > [system_default_sect]
> > MinProtocol = TLSv1.2
> > Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
> > CipherString = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:...
2020 Sep 23
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote:
>
>
> On 9/22/20 10:51 AM, Aki Tuomi wrote:
> >>>
> >
> > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue.
>
> I've NO issue with that config/setting with any _other_ app -- whether in general
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2019 Jul 27
2
submission configuration issues
...ssion-login {
inet_listener submissions {
haproxy = no
port = 465
reuse_port = no
ssl = yes
}
}
ssl_alt_cert = </var/lib/acme/imap.example.com/rsa/cert.pem
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </var/lib/acme/imap.example.com/ecdsa/cert.pem
ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AE...
2020 Jul 23
2
dsync fails for existing user: "Error: Failed to initialize user: Namespace '': Mailbox list driver imapc: missing imapc_password" ?
i'm attempting to dsync from a remote/other IMAP store to my current/new dovecot instance
testing remote's IMAP access from the local/dovecot box, i can successfully login
openssl s_client \
-crlf \
-4 \
-showcerts \
-bind 10.0.1.10 \
-connect remote-imap.example.com:993 \
-cert /sec/vmail/client.EC.crt.pem \
-key /sec/vmail/client.EC.key.pem \
-CAfile
2019 Jul 27
0
submission configuration issues
...ert = </var/lib/acme/imap.example.com/rsa/cert.pem
> ssl_alt_key = # hidden, use -P to show it
> ssl_cert = </var/lib/acme/imap.example.com/ecdsa/cert.pem
> ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AE...
2019 Jul 23
5
submission configuration issues
Hello,
I'm having trouble configuring the submission proxy.
I have configured the submission service as follows:
submission_host = smtp.example.com
submission_relay_host = localhost
submission_relay_port = 8587
submission_relay_rawlog_dir = /var/log/dovecot/
submission_relay_trusted = yes
My main issue is that until I login, dovecot-submission won't connect to the backend and query the