similar to: Enforcing server cipher list order

Hi Is there known advices on how to favor PFS with dovecot? In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10

Hi I'm running dovecot 2.1.6 and am trying to configure it to require TLS 1.2. So far I've only got as far as getting TLS 1.0 going. In the config file <dovecot root>/etc/dovecot/conf.d/10-ssl.conf, I've tried setting ssl_protocols to values like TLSv1.2:!TLSv1:!SSL3 but without any success. Attempts to google this matter turns up results for dovecot v1.2 as opposed to

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

> I'm configuring apache with https and I've a question about sslv3 > deactivation. > > Running "openssl ciphers -v" I get a list of cypher suite of openssl like: > > ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) > Mac=AEAD > ......... > SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

RHEL/CentOS 6.5 will support ECDHE Fedora currently makes the turnaround no wonder that i burned down many hours: https://bugzilla.redhat.com/show_bug.cgi?id=1019390 https://bugzilla.redhat.com/show_bug.cgi?id=319901#c108 ______________________________ recent dovecot with also support older clients but perfer best possible encryption for modern ones ssl_prefer_server_ciphers = yes

Slightly better results this time 'round ... still having non-ec.h build issues, what I think is a race condition on RHEL 3, and PIE issues (fixed with --without-pie config option) on RHEL 5 64-bit systems with a just-built copy of openssl Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140826.tar.gz OS Build_Target CC OpenSSL BUILD TEST

Hi, I want that dovecot uses PFS with my Apple Devices. I set the Cipher List to: ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 I got this from here: http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ But then my only Outlook 2010 Client won't connect. If i enable rsa-aes128-SHA again on third place

https://bugzilla.samba.org/show_bug.cgi?id=6672 Summary: mtim.tv_nsec not used when reading time of a file Product: rsync Version: 3.0.6 Platform: Other OS/Version: All Status: NEW Severity: major Priority: P3 Component: core AssignedTo: wayned at samba.org ReportedBy: antonio at

Hi Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). Id like to know in sshd_config file, if the order given for cipher key word has an impact please? I mean is there a difference for the server if I do the config like : e.g Ciphers aes128-ctr,aes256-ctr vs Ciphers aes256-ctr,aes128-ctr ?

On Aug 25, 2014, at 9:52 AM, Damien Miller <djm at mindrot.org> wrote: > On Wed, 20 Aug 2014, HAROUAT, KARIM (KARIM) wrote: >> Sorry to disturb you but I am looking for a question I have, but I don't find any clue for it on the archive list, neither Internet (google search). >> Id like to know in sshd_config file, if the order given for cipher key word has an impact

Hi, is it possible to force the server cipher order instead of the clients preferences? When I connect with openssl using these ciphers: 'RC4-SHA:DHE-RSA-AES256-GCM-SHA384' -> RC4-SHA will be selected and with 'DHE-RSA-AES256-GCM-SHA384:RC4-SHA' -> DHE-RSA-AES256-GCM-SHA384 It seems to be recommended for webservers to override that due to bad clients choices and

On 08/03/16 03:19, Darren Tucker wrote: > > Yes. Debugging something on a system you can't interact with is hard > enough without having information withheld. > I'll run again and add the relevant unedited texts as attachments. There is nothing in /var/log/secure. Also a diff between the config.h 's without and with --with-ssh1 is attached. I have a centos-6.7 under

https://bugzilla.mindrot.org/show_bug.cgi?id=2364 Bug ID: 2364 Summary: Incorrect .ssh parent directory permissions not logged Product: Portable OpenSSH Version: 6.6p1 Hardware: ix86 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs

Please also check for the proper security context. Do ls -Z /var/www/html/index.html. The context type httpd_sys_content_t should be present. Regards 2015-05-08 14:32 GMT+02:00 Richard <lists-centos at listmail.innovate.net>: > More specifically -- when you get the "not found" in the browser > there should be an entry logged in the error log. E.g., tail the > error log,

http://bugzilla.mindrot.org/show_bug.cgi?id=154 Summary: make failes: make: *** [cipher.o] Error 1 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

Hello all, I tried to connect to the server that supports protocol 1: # ssh -1 -o "cipher none" remotehost <No valid SSH1 cipher, using 3des instead> As per the code in sshconnect1.c, it has to alert the user about "none" cipher usage. try_challenge_response_authentication() { .... if (options.cipher == SSH_CIPHER_NONE)

http://bugzilla.mindrot.org/show_bug.cgi?id=242 Summary: cipher.c doesn't compile in openssh-3.1p1 (i386- solaris2.8-gcc) Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: Solaris Status: NEW Severity: minor Priority: P3 Component: Miscellaneous AssignedTo:

Hi, Although cipher-speed.sh isn't failing, its output is useless on some platforms. Aside from the definition of $DATA noted in a previous post to this list, it makes assumptions about dd's status message and the behaviour of echo. The patch below addresses these issue, at least on RHEL. Index: regress/cipher-speed.sh ===================================================================

I am trying to do some analysis and modification on the cipher text in per packet increments. Having a bit of trouble getting the cipher text per packet. I believe I am getting the correct sent cipher text (from inside packet_send2 - compared it to a packet capture to be sure) but not certain about getting the recieving stream of cipher text. I have, of coarse, determined that packet_read_poll2