similar to: [PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because

Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>

Hi everyone, Windows XP Pro OpenSSL 0.9.8i Ruby 1.8.6-p114 Ok, I''m going a bit OT here, but I want to see if anyone knows the answer. I built Ruby with VC++ 8 (cl 14). I managed to build and install OpenSSL. I also managed to build the Ruby OpenSSL extension, after 1 minor tweak to x509.h to eliminate a macro conflict: --- x509.orig Thu Oct 02 11:30:10 2008 +++ x509.h Thu Oct

Hi, I came up with the following patch while trying to figure out a good solution for the situation described in Debian bug #871987[1]. In short, OpenSSL in Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that unless an application requests otherwise, only TLSv1.2 is supported. In the world of e-mail this is seemingly an issue, as there are still way too many old clients

On Thu, 16 Apr 2015, Andrew Daviel wrote: > RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes > sendmail-8.13.8-ssl-opts.patch which adds support for disabling > SSLv3 and SSLv2 in sendmail.cf > > But as far as I can see there is no support in sendmail.mc - I can't > see how to compile sendmail.mc to get the required line > ServerSSLOptions in

I've set up a list of ciphers that excludes SSLv2 ciphers (and other weak ones) in the hope of preventing SSLv2 connections: ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES : @STRENGTH However, this doesn't prevent the SSLv2 connection being allowed as our Nessus scans show and I'm tasked with trying to plug that "hole". I see Dovecot2 had