similar to: Enforcing server cipher list order

Displaying 20 results from an estimated 6000 matches similar to: "Enforcing server cipher list order"

2013 Sep 10
2
dovecot and PFS
Hi, is there any known advice on how to favor PFS with dovecot? In Apache, I use the following directives, which cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding the BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2013 Jun 25
1
Configuring TLS 1.2
Hi I'm running dovecot 2.1.6 and am trying to configure it to require TLS 1.2. So far I've only got as far as getting TLS 1.0 going. In the config file <dovecot root>/etc/dovecot/conf.d/10-ssl.conf, I've tried setting ssl_protocols to values like TLSv1.2:!TLSv1:!SSL3 but without any success. Attempts to google this matter turn up results for dovecot v1.2 as opposed to
2012 Mar 20
1
IMAP and POP3 per SSL
Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The
2015 Jan 26
0
Apache and SSLv3
> I'm configuring apache with https and I've a question about sslv3 > deactivation. > > Running "openssl ciphers -v" I get a list of cypher suite of openssl like: > > ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) > Mac=AEAD > ......... > SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression
2023 Aug 17
21
[Bug 3603] New: ssh clients can't communicate with server with default cipher when fips is enabled at server end
https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical
2013 Oct 15
0
"Perfect Forward Secrecy" on Redhat/Fedora
RHEL/CentOS 6.5 will support ECDHE Fedora currently makes the turnaround no wonder that i burned down many hours: https://bugzilla.redhat.com/show_bug.cgi?id=1019390 https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 ______________________________ recent dovecot with also support older clients but prefer best possible encryption for modern ones ssl_prefer_server_ciphers = yes
2014 Aug 25
2
Call for testing: OpenSSH 6.7
Slightly better results this time 'round ... still having non-ec.h build issues, what I think is a race condition on RHEL 3, and PIE issues (fixed with --without-pie config option) on RHEL 5 64-bit systems with a just-built copy of openssl Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz OS Build_Target CC OpenSSL BUILD TEST
2013 Aug 23
0
SSL Cipher Order in Dovecot
Hi, I want that dovecot uses PFS with my Apple Devices. I set the Cipher List to: ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 I got this from here: http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ But then my only Outlook 2010 Client won't connect. If i enable rsa-aes128-SHA again on third place
2009 Aug 29
3
DO NOT REPLY [Bug 6672] New: mtim.tv_nsec not used when reading time of a file
https://bugzilla.samba.org/show_bug.cgi?id=6672 Summary: mtim.tv_nsec not used when reading time of a file Product: rsync Version: 3.0.6 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P3 Component: core AssignedTo: wayned at samba.org ReportedBy: antonio at
2014 Aug 20
1
Cipher Order in sshd_config
Hi Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). I'd like to know in sshd_config file, if the order given for cipher key word has an impact please? I mean is there a difference for the server if I do the config like : e.g Ciphers aes128-ctr,aes256-ctr vs Ciphers aes256-ctr,aes128-ctr ?
2014 Aug 25
1
Cipher Order in sshd_config
On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at mindrot.org> wrote: > On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote: >> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). >> I'd like to know in sshd_config file, if the order given for cipher key word has an impact
2014 Jan 10
1
Possible to force cipher order?
Hi, is it possible to force the server cipher order instead of the clients preferences? When I connect with openssl using these ciphers: 'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with 'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384 It seems to be recommended for webservers to override that due to bad clients choices and
2016 Aug 03
2
Configure option '--with-ssh1' breaks openssh-7.3p1
On 08/03/16 03:19, Darren Tucker wrote: > > Yes. Debugging something on a system you can't interact with is hard > enough without having information withheld. > I'll run again and add the relevant unedited texts as attachments. There is nothing in /var/log/secure. Also a diff between the config.h 's without and with --with-ssh1 is attached. I have a centos-6.7 under
2015 Mar 11
3
[Bug 2364] New: Incorrect .ssh parent directory permissions not logged
https://bugzilla.mindrot.org/show_bug.cgi?id=2364 Bug ID: 2364 Summary: Incorrect .ssh parent directory permissions not logged Product: Portable OpenSSH Version: 6.6p1 Hardware: ix86 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs
2015 May 08
0
Apache 2.2 itk - 404 not found
Please also check for the proper security context. Do ls -Z /var/www/html/index.html. The context type httpd_sys_content_t should be present. Regards 2015-05-08 14:32 GMT+02:00 Richard <lists-centos at listmail.innovate.net>: > More specifically -- when you get the "not found" in the browser > there should be an entry logged in the error log. E.g., tail the > error log,
2002 Mar 08
0
[Bug 154] New: make failes: make: *** [cipher.o] Error 1
http://bugzilla.mindrot.org/show_bug.cgi?id=154 Summary: make failes: make: *** [cipher.o] Error 1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org
2007 Jan 05
1
No warning message is displayed for "none" cipher
Hello all, I tried to connect to the server that supports protocol 1: # ssh -1 -o "cipher none" remotehost <No valid SSH1 cipher, using 3des instead> As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage. try_challenge_response_authentication() { .... if (options.cipher == SSH_CIPHER_NONE)
2002 May 14
0
[Bug 242] New: cipher.c doesn't compile in openssh-3.1p1 (i386-solaris2.8-gcc)
http://bugzilla.mindrot.org/show_bug.cgi?id=242 Summary: cipher.c doesn't compile in openssh-3.1p1 (i386- solaris2.8-gcc) Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: minor Priority: P3 Component: Miscellaneous AssignedTo:
2013 Mar 11
1
[PATCH] Portability improvements for regress/cipher-speed.sh
Hi, Although cipher-speed.sh isn't failing, its output is useless on some platforms. Aside from the definition of $DATA noted in a previous post to this list, it makes assumptions about dd's status message and the behaviour of echo. The patch below addresses these issues, at least on RHEL. Index: regress/cipher-speed.sh ===================================================================
2003 Jan 10
1
Cipher Text per Packet
I am trying to do some analysis and modification on the cipher text in per packet increments. Having a bit of trouble getting the cipher text per packet. I believe I am getting the correct sent cipher text (from inside packet_send2 - compared it to a packet capture to be sure) but not certain about getting the receiving stream of cipher text. I have, of course, determined that packet_read_poll2