Displaying 20 results from an estimated 6000 matches similar to: "Enforcing server cipher list order"
2013 Sep 10
2
dovecot and PFS
Hi
Is there known advice on how to favor PFS with dovecot?
In Apache, I use the following directives, which cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2013 Jun 25
1
Configuring TLS 1.2
Hi
I'm running dovecot 2.1.6 and am trying to configure it to require TLS
1.2. So far I've only got as far as getting TLS 1.0 going.
In the config file <dovecot root>/etc/dovecot/conf.d/10-ssl.conf, I've
tried setting ssl_protocols to values like TLSv1.2:!TLSv1:!SSL3 but
without any success.
Attempts to google this matter turn up results for dovecot v1.2 as
opposed to
2012 Mar 20
1
IMAP and POP3 per SSL
Hi!
I'm new to this list and I could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before.
Our security scanner stumbled over the IMAPs server I've set up recently using dovecot on a RedHat Enterprise 64bit Server.
The security scanner found an error regarding a new SSL security leak named "BEAST". The
2015 Jan 26
0
Apache and SSLv3
> I'm configuring apache with https and I've a question about sslv3
> deactivation.
>
> Running "openssl ciphers -v" I get a list of cipher suites of openssl like:
>
> ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128)
> Mac=AEAD
> .........
>
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
https://bugzilla.mindrot.org/show_bug.cgi?id=3603
Bug ID: 3603
Summary: ssh clients can't communicate with server with default
cipher when fips is enabled at server end
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: critical
2013 Oct 15
0
"Perfect Forward Secrecy" on Redhat/Fedora
RHEL/CentOS 6.5 will support ECDHE
Fedora currently makes the turnaround
no wonder that I burned down many hours:
https://bugzilla.redhat.com/show_bug.cgi?id=1019390
https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108
______________________________
recent dovecot with also support older clients but
prefer best possible encryption for modern ones
ssl_prefer_server_ciphers = yes
2014 Aug 25
2
Call for testing: OpenSSH 6.7
Slightly better results this time 'round ... still having non-ec.h build
issues, what I think is a race condition on RHEL 3, and PIE issues (fixed
with --without-pie config option) on RHEL 5 64-bit systems with a
just-built copy of openssl
Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz
OS Build_Target CC
OpenSSL BUILD TEST
2013 Aug 23
0
SSL Cipher Order in Dovecot
Hi,
I want that dovecot uses PFS with my Apple Devices. I set the Cipher List to:
ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4
I got this from here: http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/
But then my only Outlook 2010 Client won't connect. If I enable rsa-aes128-SHA again on third place
2009 Aug 29
3
DO NOT REPLY [Bug 6672] New: mtim.tv_nsec not used when reading time of a file
https://bugzilla.samba.org/show_bug.cgi?id=6672
Summary: mtim.tv_nsec not used when reading time of a file
Product: rsync
Version: 3.0.6
Platform: Other
OS/Version: All
Status: NEW
Severity: major
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: antonio at
2014 Aug 20
1
Cipher Order in sshd_config
Hi
Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search).
I'd like to know in sshd_config file, if the order given for cipher key word has an impact please?
I mean is there a difference for the server if I do the config like :
e.g
Ciphers aes128-ctr,aes256-ctr
vs
Ciphers aes256-ctr,aes128-ctr
?
2014 Aug 25
1
Cipher Order in sshd_config
On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at mindrot.org> wrote:
> On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote:
>> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search).
>> I'd like to know in sshd_config file, if the order given for cipher key word has an impact
2014 Jan 10
1
Possible to force cipher order?
Hi,
is it possible to force the server cipher order instead of the clients
preferences? When I connect with openssl using these ciphers:
'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with
'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384
It seems to be recommended for webservers to override that due to bad
clients choices and
2016 Aug 03
2
Configure option '--with-ssh1' breaks openssh-7.3p1
On 08/03/16 03:19, Darren Tucker wrote:
>
> Yes. Debugging something on a system you can't interact with is hard
> enough without having information withheld.
>
I'll run again and add the relevant unedited texts as attachments.
There is nothing in /var/log/secure.
Also a diff between the config.h 's without and with --with-ssh1 is
attached.
I have a centos-6.7 under
2015 Mar 11
3
[Bug 2364] New: Incorrect .ssh parent directory permissions not logged
https://bugzilla.mindrot.org/show_bug.cgi?id=2364
Bug ID: 2364
Summary: Incorrect .ssh parent directory permissions not logged
Product: Portable OpenSSH
Version: 6.6p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs
2015 May 08
0
Apache 2.2 itk - 404 not found
Please also check for the proper security context. Do ls -Z
/var/www/html/index.html. The context type httpd_sys_content_t should be
present.
Regards
2015-05-08 14:32 GMT+02:00 Richard <lists-centos at listmail.innovate.net>:
> More specifically -- when you get the "not found" in the browser
> there should be an entry logged in the error log. E.g., tail the
> error log,
2002 Mar 08
0
[Bug 154] New: make failes: make: *** [cipher.o] Error 1
http://bugzilla.mindrot.org/show_bug.cgi?id=154
Summary: make failes: make: *** [cipher.o] Error 1
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-unix-dev at mindrot.org
2007 Jan 05
1
No warning message is displayed for "none" cipher
Hello all,
I tried to connect to the server that supports protocol 1:
# ssh -1 -o "cipher none" remotehost
<No valid SSH1 cipher, using 3des instead>
As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage.
try_challenge_response_authentication() {
....
if (options.cipher == SSH_CIPHER_NONE)
2002 May 14
0
[Bug 242] New: cipher.c doesn't compile in openssh-3.1p1 (i386-solaris2.8-gcc)
http://bugzilla.mindrot.org/show_bug.cgi?id=242
Summary: cipher.c doesn't compile in openssh-3.1p1 (i386-
solaris2.8-gcc)
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Solaris
Status: NEW
Severity: minor
Priority: P3
Component: Miscellaneous
AssignedTo:
2013 Mar 11
1
[PATCH] Portability improvements for regress/cipher-speed.sh
Hi,
Although cipher-speed.sh isn't failing, its output is useless on some
platforms. Aside from the definition of $DATA noted in a previous post
to this list, it makes assumptions about dd's status message and the
behaviour of echo.
The patch below addresses these issues, at least on RHEL.
Index: regress/cipher-speed.sh
===================================================================
2003 Jan 10
1
Cipher Text per Packet
I am trying to do some analysis and modification on the cipher text in per packet increments. Having a bit of trouble getting the cipher text per packet. I believe I am getting the correct sent cipher text (from inside packet_send2 - compared it to a packet capture to be sure) but not certain about getting the receiving stream of cipher text. I have, of course, determined that packet_read_poll2