Displaying 20 results from an estimated 800 matches similar to: "disabling SSLv2 in dovecot 1.2.17"
2012 Mar 20
1
IMAP and POP3 per SSL
Hi!
I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before.
Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server.
The security scanner found an error regarding a new SSL security leak named "BEAST". The
2011 Oct 13
1
[PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low
# HG changeset patch
# User Cristian Rodr?guez <crrodriguez at opensuse.org>
# Date 1318533592 10800
# Node ID c15d6befe20082009cb40926afa208ab4b684818
# Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240
Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low.
diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed
2014 Oct 19
3
Dovecote 1.2.17 poodle
Hi, how do I protect dovecot 1.2.17 against poodle?
Br
/Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
Hi all,
As I reported earlier (with a typo in the work [BUG]) client
certification validation *does not* work even if you do everything
exactly according to all documentation and attempts at helpful advice.
I have seen this issue with both startssl.com and self-signed
certificates, and based on what I've seen from searching the web, this
is a problem that has gotten little attention because
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
The openssl library in Debian unstable (targeting Buster) supports
TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0.
If the admin decides to also support TLS1.[01] users he can then enable
the lower protocol version in case the users can't update their system.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
src/config/all-settings.c
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
# HG changeset patch
# User David Hicks <david at hicks.id.au>
# Date 1373085976 -36000
# Sat Jul 06 14:46:16 2013 +1000
# Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e
# Parent 1fbac590b9d4dc05d81247515477bfe6192c262c
login-common: Add support for ECDH/ECDHE cipher suites
ECDH temporary key parameter selection must be performed during OpenSSL
context initialisation before ECDH and
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients
2003 Apr 11
2
How often should an encrypted session be rekeyed?
Using OpenSSL, is there a preferred/recommended rate of rekeying an
encrypted stream of data? Does OpenSSL handle this for developers
behind the scenes? Does it even need to be rekeyed?
Thanks in advance. -sc
--
Sean Chittenden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 202 bytes
Desc: not available
2006 Oct 16
2
PR#9295
I asked a question that might help me track down what changed between
2.3.1 that did build and the 2.4.0 version that will not build. Some of
the undefined names the linker was complaining about looked like #define
symbols that were not picked up by configure. The first thing I was
hoping for was to find out if this problem looked familiar? Whether or
not, I'm willing to try to work on
2010 Oct 01
4
Patching openssl rpms
Running CentOS release 5.5.
I'm trying to update or patch an SRPMS file, specifically
openssl-0.9.8e-12.el5_4.6.src.rpm.
Basically, I'm trying to change one line in the source, in ssl/ssl.h. I create
a "diff ?u" file called openssl-ssl-h.patch.
I then edit the openssl.spec file, and add 2 lines to that in the appropriate
place:
Patch88: openssl-ssl-h.patch
And
2006 Sep 28
1
'St9bad_alloc' (PR#9261)
Full_Name: Daniel E. Platt
Version: 2.3.1
OS: Win/XP - Cygwin
Submission from: (NULL) (68.198.10.240)
Error report:
terminate called after throwing an instance of 'St9bad_alloc'
what(): St9bad_alloc
Aborted (core dumped)
No indication of what the calling routine was, where the request came from, etc.
Am I simply requesting memory where non is available?
Dan
2012 Feb 28
1
migrating/converting from system users -> virtual users
Hello all,
We currently have a traditional mail server where all users have system
accounts (ie entries in the NIS passwd map) and mbox-format mail folders in
their (system) home directories.
I'm trying to setup a dovecot server in which we want all users to have
"virtual" accounts (in dovecot) and no entry in the passwd file at all (ie no
access to the mail server).
This is
2015 Apr 17
0
Disable SSLv3 in sendmail in CentOS 5
On Thu, 16 Apr 2015, Andrew Daviel wrote:
> RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes
> sendmail-8.13.8-ssl-opts.patch which adds support for disabling
> SSLv3 and SSLv2 in sendmail.cf
>
> But as far as I can see there is no support in sendmail.mc - I can't
> see how to compile sendmail.mc to get the required line
> ServerSSLOptions in
2007 Jun 11
2
SSL_CTX_set_info_callback problem in latest source
In the file ./src/login-common/ssl-proxy-openssl.c appears the code:
if (verbose_ssl)
SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
It appears the SSL_CTX_set_info_callback symbol only occurs in the
openssl development branch starting with 0x00909000L as this symbol
is missing from openssl 0.9.8b and 0.9.8e (no check of the latest
nightly snapshot of the stable 0.9.8 branch).
2006 Feb 20
2
Oracle & Ruby on Rails
I''ve a remote database create using Oracle. This database use schemas.
I tried to connect to it using Ruby On Rails,with this file Database.yml
:
development:
adapter: oci
host: liber
database: ENERGIA
username: user
password: pass
test:
adapter: oci
host: liber
database: ENERGIA
username: user
password: pass
production:
adapter: oci
host: liber
database:
2018 Jan 10
3
Can't compile Asterisk on Fedora server
All;
I have a Fedora 26 server that I am trying to compile
asterisk-certified-13.13-cert6 on. However, I'm getting the following
errors. I'm also having a tough time trying to compile Dahdi. I'm not sure
what I'm missing, but if anyone else is running Fedora, I'd really
appreciate any help at all.
Thanks Much;
John V.
make[1]: Leaving directory
2010 Jul 17
2
Plot error
Hi guys,
I am a newbie to R, so apologies in advance.
I created this simple table in excel, saved in tab delimited .txt:
name value_1 value_2
1 bill 1 4
2 ben 2 2
3 jane 3 1
>test <-read.table("\path\to\file", sep="\t", header=TRUE)
>x <-c(seq["value_1"])
>y <-c(seq["value_2"])
2006 Jun 01
1
ssl-proxy: client certificates and crl check
Skipped content of type multipart/alternative-------------- next part --------------
--- ssl-proxy-openssl.c.orig 2006-04-04 10:32:58.000000000 +0200
+++ ssl-proxy-openssl.c 2006-06-01 09:24:57.000000000 +0200
@@ -498,7 +498,7 @@
const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy)
{
X509 *x509;
- char buf[1024];
+ char buf[256];
const char *name;
if
2005 Oct 11
0
FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-05:21.openssl Security Advisory
The FreeBSD Project
Topic: Potential SSL 2.0 rollback
Category: contrib
Module: openssl
Announced: 2005-10-11
2017 Feb 14
0
openssl 1.1.0d breaks Android7 TLS connects
Hi,
the actual OpenSSL version detection in dovecot is insufficient.
The implementation only checks for SSL_CTRL_SET_ECDH_AUTO.
That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed.
Thats the code part:
#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key
parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);