similar to: Suggestion for dovecot default SSL configuration...

Displaying 20 results from an estimated 30000 matches similar to: "Suggestion for dovecot default SSL configuration..."

2018 Jul 30
0
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
> On 30 July 2018 at 21:42 J Doe <general at nativemethods.com> wrote: > > > > > On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > > > Am 29.07.2018 um 21:02 schrieb J Doe: > >> Hello, > >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. > >> In: 10-ssl.conf there are
2015 Jan 10
0
dovecot on wheezy, best ssl configuration ?
ml at ruggedinbox.com writes: > Our smtp server is postfix, can you please suggest a better > 'ssl_protocols' and 'ssl_cipher_list' configuration ? > We are running Debian 7 Wheezy A useful command to know is "openssl ciphers" run on the server that will tell you the ciphers available given a protocol and cipher list spec. If it comes out to empty, your client
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote: > >> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote: >> >> The site is rated "C" > > The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date. > >
2017 Apr 26
0
Apache + SSL: default configuration rated "C" by Qualys Labs
On 26/04/17 16:16, James Hogarth wrote: > On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote: >> >>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote: >>> >>> The site is rated "C" >> >> The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is
2018 Jul 30
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > Am 29.07.2018 um 21:02 schrieb J Doe: >> Hello, >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:07 schrieb ml at ruggedinbox.com: > Hi all, when hardening dovecot against the POODLE vulnerability, > we followed the advise to disable SSL2 and SSL3 > but this is giving problems with some email clients (claws-mail). > > ssl_protocols = !SSLv2 !SSLv3 > > results in the following error: > > dovecot: pop3-login: Disconnected (no auth attempts in 1
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:58 schrieb ml at ruggedinbox.com: > Hi thanks for your help! > Trying to set your same parameters, when restarting dovecot, gives the > error: > > doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf > line 136: Unknown setting: ssl_prefer_server_ciphers > doveconf: Error: managesieve-login: dump-capability process returned 89 >
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help! Trying to set your same parameters, when restarting dovecot, gives the error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 136: Unknown setting: ssl_prefer_server_ciphers doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 136: Unknown setting:
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 8:12 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Hi, > To default dovecot.conf file I added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 >
2004 Apr 23
3
SSL Ciphers
I have dovecot running as a pop3s server on port 995 it works great with sendmail and I run nessus to check security issues nessus reports this The SSLv2 server offers 3 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =
2017 Jan 17
3
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend? Thanks! -- Jerry
2018 Jul 29
0
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
Am 29.07.2018 um 21:02 schrieb J Doe: > Hello, > > I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. > > In: 10-ssl.conf there are two parameters: > > ssl_protocols > ssl_cipher_list > > ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?. > > If I want to disable
2012 Mar 08
1
disabling SSLv2 in dovecot 1.2.17
I've set up a list of ciphers that excludes SSLv2 ciphers (and other weak ones) in the hope of preventing SSLv2 connections: ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH However, this doesn't prevent the SSLv2 connection being allowed as our Nessus scans show and I'm tasked with trying to plug that "hole". I see Dovecot2 had
2016 Nov 15
1
[PATCH] ssl: fix reference to SSLv2 and disable SSLv3
This is driven by the fact that OpenSSL 1.1 does not know about SSLv2 at all and dovecot's defaults simply make OpenSSL error out with "Unknown protocol 'SSLv2'"[1]. So we change the defaults to refer to SSLv2 iff OpenSSL seems to know something about it. While at it, it's also a good idea to disable SSLv3 by default as well. [1] https://bugs.debian.org/844347
2017 Apr 27
0
confused with ssl settings and some error - need help
I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test still gives errors: Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:07
2017 May 05
0
confused with ssl settings and some error - need help
Internal PCI Scan on Tenable.io website. Of course after register account. 2017-04-30 9:11 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > What kind of test are you running? > > Aki > > > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> > wrote: > > > > > > I turned of ssl_cipher_list in dovecot.conf file (so it's
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
On 04.03.2015 18:19, Emmanuel Dreyfus wrote: > On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote: >> Hello, >> about the CVE-2015-0204, in apache the following config seems to disable >> this vulnerability: >> SSLProtocol All -SSLv2 -SSLv3 >> SSLCipherSuite >> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 >> >> Is
2015 Oct 30
0
Webmail accessive Dovecot logins
"A. Schulze" writes: > David Mehler: > >> Second question, in the doveconf -n there's reference to my ssl_cipher >> am I using current tls ciphers that support pfs? > >> ssl_cipher_list = ALL:!LOW:!SSLv3:!SSLv2:!EXP:!aNULL > > some non pfs cipher would be still active. check yourself: > # openssl ciphers -v
2014 Dec 02
0
disabling certain ciphers
Am 02.12.2014 um 17:33 schrieb Darren Pilgrim: > On 12/2/2014 1:32 AM, Reindl Harald wrote: >>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH >>>> ssl_dh_parameters_length = 2048 >>>> ssl_parameters_regenerate = 0 >>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2 >>> >>> But why does ssl_protocols behave