similar to: disabling SSLv2 in dovecot 1.2.17

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

# HG changeset patch # User Cristian Rodr?guez <crrodriguez at opensuse.org> # Date 1318533592 10800 # Node ID c15d6befe20082009cb40926afa208ab4b684818 # Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240 Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low. diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c --- a/src/login-common/ssl-proxy-openssl.c Wed

Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

# HG changeset patch # User David Hicks <david at hicks.id.au> # Date 1373085976 -36000 # Sat Jul 06 14:46:16 2013 +1000 # Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e # Parent 1fbac590b9d4dc05d81247515477bfe6192c262c login-common: Add support for ECDH/ECDHE cipher suites ECDH temporary key parameter selection must be performed during OpenSSL context initialisation before ECDH and

Hi, I came up with the following patch while trying to figure out a good solution for the situation described in Debian bug #871987[1]. In short, OpenSSL in Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that unless an application requests otherwise, only TLSv1.2 is supported. In the world of e-mail this is seemingly an issue, as there are still way too many old clients

Using OpenSSL, is there a preferred/recommended rate of rekeying an encrypted stream of data? Does OpenSSL handle this for developers behind the scenes? Does it even need to be rekeyed? Thanks in advance. -sc -- Sean Chittenden -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 202 bytes Desc: not available

I asked a question that might help me track down what changed between 2.3.1 that did build and the 2.4.0 version that will not build. Some of the undefined names the linker was complaining about looked like #define symbols that were not picked up by configure. The first thing I was hoping for was to find out if this problem looked familiar? Whether or not, I'm willing to try to work on

Running CentOS release 5.5. I'm trying to update or patch an SRPMS file, specifically openssl-0.9.8e-12.el5_4.6.src.rpm. Basically, I'm trying to change one line in the source, in ssl/ssl.h. I create a "diff ?u" file called openssl-ssl-h.patch. I then edit the openssl.spec file, and add 2 lines to that in the appropriate place: Patch88: openssl-ssl-h.patch And

Full_Name: Daniel E. Platt Version: 2.3.1 OS: Win/XP - Cygwin Submission from: (NULL) (68.198.10.240) Error report: terminate called after throwing an instance of 'St9bad_alloc' what(): St9bad_alloc Aborted (core dumped) No indication of what the calling routine was, where the request came from, etc. Am I simply requesting memory where non is available? Dan

Hello all, We currently have a traditional mail server where all users have system accounts (ie entries in the NIS passwd map) and mbox-format mail folders in their (system) home directories. I'm trying to setup a dovecot server in which we want all users to have "virtual" accounts (in dovecot) and no entry in the passwd file at all (ie no access to the mail server). This is

On Thu, 16 Apr 2015, Andrew Daviel wrote: > RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes > sendmail-8.13.8-ssl-opts.patch which adds support for disabling > SSLv3 and SSLv2 in sendmail.cf > > But as far as I can see there is no support in sendmail.mc - I can't > see how to compile sendmail.mc to get the required line > ServerSSLOptions in

In the file ./src/login-common/ssl-proxy-openssl.c appears the code: if (verbose_ssl) SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback); It appears the SSL_CTX_set_info_callback symbol only occurs in the openssl development branch starting with 0x00909000L as this symbol is missing from openssl 0.9.8b and 0.9.8e (no check of the latest nightly snapshot of the stable 0.9.8 branch).

I''ve a remote database create using Oracle. This database use schemas. I tried to connect to it using Ruby On Rails,with this file Database.yml : development: adapter: oci host: liber database: ENERGIA username: user password: pass test: adapter: oci host: liber database: ENERGIA username: user password: pass production: adapter: oci host: liber database:

All; I have a Fedora 26 server that I am trying to compile asterisk-certified-13.13-cert6 on. However, I'm getting the following errors. I'm also having a tough time trying to compile Dahdi. I'm not sure what I'm missing, but if anyone else is running Fedora, I'd really appreciate any help at all. Thanks Much; John V. make[1]: Leaving directory

Hi guys, I am a newbie to R, so apologies in advance. I created this simple table in excel, saved in tab delimited .txt: name value_1 value_2 1 bill 1 4 2 ben 2 2 3 jane 3 1 >test <-read.table("\path\to\file", sep="\t", header=TRUE) >x <-c(seq["value_1"]) >y <-c(seq["value_2"])

Skipped content of type multipart/alternative-------------- next part -------------- --- ssl-proxy-openssl.c.orig 2006-04-04 10:32:58.000000000 +0200 +++ ssl-proxy-openssl.c 2006-06-01 09:24:57.000000000 +0200 @@ -498,7 +498,7 @@ const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy) { X509 *x509; - char buf[1024]; + char buf[256]; const char *name; if

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11

Hi, the actual OpenSSL version detection in dovecot is insufficient. The implementation only checks for SSL_CTRL_SET_ECDH_AUTO. That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed. Thats the code part: #ifdef SSL_CTRL_SET_ECDH_AUTO /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1);