search for: tls_ssl_options

Hello, Our "it-security" department asked me about Qualys warnings like -> SSL/TLS Compression Algorithm Information Leakage Vulnerability As far as I learned it's compression inside ssl. postfix-2.11 knows 'tls_ssl_options = no_compression' ( see http://www.postfix.org/postconf.5.html#tls_ssl_options ) is the something comparable in dovecot too? Looks like most extensions in ssl exist only to be disabled :-/ Thanks Andreas

...L: Stacked error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher When I setup in postfix main.cf file (other lines default): tls_ssl_options = no_ticket, no_compression tls_preempt_cipherlist = yes smtpd_sasl_security_options=noanonymous,noplaintext smtpd_sasl_tls_security_options=noanonymous,noplaintext smtpd_tls_mandatory_ciphers = high smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem #instead of below I tried smtpd_tls_mandatory...

...serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > This means your client did not support your enabled ciphers. > > > > > When I setup in postfix main.cf file (other lines default): > > tls_ssl_options = no_ticket, no_compression > > tls_preempt_cipherlist = yes > > smtpd_sasl_security_options=noanonymous,noplaintext > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > smtpd_tls_mandatory_ciphers = high > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048...

...; > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > > > > > This means your client did not support your enabled ciphers. > > > > > > > > > > > When I setup in postfix main.cf file (other lines default): > > > > tls_ssl_options = no_ticket, no_compression > > > > tls_preempt_cipherlist = yes > > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > > smtpd_tls_mandatory_ciphers = high > > > >...

...> mac > #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher This means your client did not support your enabled ciphers. > > When I setup in postfix main.cf file (other lines default): > tls_ssl_options = no_ticket, no_compression > tls_preempt_cipherlist = yes > smtpd_sasl_security_options=noanonymous,noplaintext > smtpd_sasl_tls_security_options=noanonymous,noplaintext > smtpd_tls_mandatory_ciphers = high > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > #instead of bel...

...lo:no shared cipher > >> > > > >> > > This means your client did not support your enabled ciphers. > >> > > > >> > > > > >> > > > When I setup in postfix main.cf file (other lines default): > >> > > > tls_ssl_options = no_ticket, no_compression > >> > > > tls_preempt_cipherlist = yes > >> > > > smtpd_sasl_security_options=noanonymous,noplaintext > >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > >> > > > smtpd_tls_mandator...

...: SSL: Stacked error: > > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > > > This means your client did not support your enabled ciphers. > > > > > > > > When I setup in postfix main.cf file (other lines default): > > > tls_ssl_options = no_ticket, no_compression > > > tls_preempt_cipherlist = yes > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > smtpd_tls_mandatory_ciphers = high > > > smtpd_tls_dh1024_param_f...

...L routines:ssl3_get_client_hello:no shared cipher >> > > >> > > This means your client did not support your enabled ciphers. >> > > >> > > > >> > > > When I setup in postfix main.cf file (other lines default): >> > > > tls_ssl_options = no_ticket, no_compression >> > > > tls_preempt_cipherlist = yes >> > > > smtpd_sasl_security_options=noanonymous,noplaintext >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext >> > > > smtpd_tls_mandatory_ciphers = high &gt...

...>> > > > > >> > > This means your client did not support your enabled ciphers. > > >> > > > > >> > > > > > >> > > > When I setup in postfix main.cf file (other lines default): > > >> > > > tls_ssl_options = no_ticket, no_compression > > >> > > > tls_preempt_cipherlist = yes > > >> > > > smtpd_sasl_security_options=noanonymous,noplaintext > > >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > >> > > &gt...

Hi, I have setup a new ubuntu on 16.04.. I have already a running system on 14.04 but wanted to migrate. I get an error when checking user in ldap. +++ Aug 31 18:14:16 auth: Error: ldap_bind Aug 31 18:14:16 auth: Error: ldap_simple_bind Aug 31 18:14:16 auth: Error: ldap_sasl_bind Aug 31 18:14:16 auth: Error: ldap_send_initial_request Aug 31 18:14:16 auth: Error: ldap_new_connection 1 1 0 Aug 31

...list = aNULL:-aNULL:ALL:!EXPORT:!LOW:+RC4:@STRENGTH tls_null_cipherlist = eNULL:!aNULL tls_preempt_cipherlist = no tls_random_bytes = 32 tls_random_exchange_name = ${data_directory}/prng_exch tls_random_prng_update_period = 3600s tls_random_reseed_period = 3600s tls_random_source = dev:/dev/urandom tls_ssl_options = tls_wildcard_matches_multiple_labels = yes tlsmgr_service_name = tlsmgr tlsproxy_enforce_tls = $smtpd_enforce_tls tlsproxy_service_name = tlsproxy tlsproxy_tls_CAfile = $smtpd_tls_CAfile tlsproxy_tls_CApath = $smtpd_tls_CApath tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_sessio...