similar to: DH parameter length too small?

Hello, after switching from version 2.2.7 to 2.2.7 I miss the loglines which say: ssl-params: Generating SSL parameters ssl-params: SSL parameters regeneration completed The configuration has not been changed and reads: | # 2.2.7: /usr/local/dovecot/etc/dovecot/dovecot.conf | # OS: Linux 2.6.35.14-106.fc14.i686.PAE i686 Fedora release 14 (Laughlin) ext3 | auth_mechanisms = plain login |

Hello, I've a share with preset permissions on different directories including acls. So in one folder for example users can only read and into other read and write. Everything works fine. The Problem is if one user decides to change the permission of a file or directory (via Windows) the acls and permissions get are messed up. How can I restrict users from changing permission on a share? I

Actually i gave up, i tried and tried and tried so many times, upgrading software falling back to an old version but it didn''t work, that''s it. i can''t do work together tc with iptables and iproute2 when i mark a packet with iptables tc doesn''t recognize them so it falls at the default leaf of the tc''s tree what i like is to mark packets depending on

Hello, I've some questions for you and hope you can help me with some issues. I'll start with the (hopefully) easier one. I'm working with Samba 3.0.28a an Ubuntu 8.04. 1. There's a share on an ext3 fs with user quota set. If I mount that share to another Ubuntu, how am I able to see the "free space" I have on that device? df only reports the free space of the

Hello, Sometime ago min rsa key length was increased to 1024 bit and i have a little understanding problem with this. I hope somebody with some crypto-experience can enlighten me. To make that clear, that is not about allowing lower keys in general. Personally i would tend to use even longer keys(2048bit+). However Due nature of RSA-algorithm in case of 1024bit this might result in a key

Michal Privoznik писал 2013-10-14 11:39: > On 14.10.2013 10:33, Alexandr wrote: >> Michal Privoznik писал 2013-10-14 08:48: >>> On 14.10.2013 02:42, Alexandr wrote: >>>> good day to all. >>>> i still have not solved my problem with event handling. >>>> currently i have following code >>>> >>>> >>>> void

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #13 from Darren Tucker <dtucker at zip.com.au> --- (In reply to Christoph Anton Mitterer from comment #10) [...] > Even though an attacker cannot (AFAIU??) for a connection to > downgrade to the weaker groups, The server's DH-GEX exchange hash includes the DH group sizes it received from the client. If these are

https://bugzilla.mindrot.org/show_bug.cgi?id=2303 Bug ID: 2303 Summary: ssh (and perhaps even sshd) should allow to specify the minimum DH group sizes for DH GEX Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=2302 --- Comment #4 from Damien Miller <djm at mindrot.org> --- Comment on attachment 2630 --> https://bugzilla.mindrot.org/attachment.cgi?id=2630 Make the DH-GEX fallback group 4k bit. Where did this group come from? IMO it would be best to use one of the standard groups if we're picking another fixed one - logjam attacks aren't

I don''t understand the following: root@jmnrouter:~# tc -s class ls dev vlan1 && tc -s qdisc ls dev vlan1 class hfsc 1: root Sent 0 bytes 0 pkts (dropped 0, overlimits 0) period 0 level 2 class hfsc 1:1 parent 1: sc m1 0bit d 0us m2 220000bit ul m1 0bit d 0us m2 220000bit Sent 0 bytes 0 pkts (dropped 0, overlimits 0) period 31304 work 7533852 bytes level 1 class hfsc 1:10

Michal Privoznik писал 2013-10-14 08:48: > On 14.10.2013 02:42, Alexandr wrote: >> good day to all. >> i still have not solved my problem with event handling. >> currently i have following code >> >> >> void libvirt_eventloop_thr_func() >> { >> while(true) //TODO: stop somehow on exit >> { >>

On Fri 2015-06-12 01:52:54 -0400, Mark D. Baushke wrote: > I have communicated with Allen Roginsky on this topic and I have been given permission to post his response. > > In this message below, the 'vendor' was Darren Tucker's generated prime > that used a generator value of 5. > > -- Mark > > From: "Roginsky, Allen" <allen.roginsky at

On Wed, May 27, 2015 at 05:08:25PM -0400, Daniel Kahn Gillmor wrote: > On Tue 2015-05-26 15:39:49 -0400, Mark D. Baushke wrote: > > Hi Folks, > > > > The generator value of 5 does not lead to a q-ordered subgroup which > > is needed to pass tests in > > > > http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf > > I

hello, I'm also developing a ssh application in java and I also got stuck with DH-Key Exchange. I just get to the SSH_MSG_KEXDH_REPLY from the server. But what is he expecting me to send then, as far as I understand the Transport Layer Protcol I should send the SSH_MSG_NEWKEYS message, but that doesn't work. Does anyone know what to send then? (the hint from Markus Friedl with kexdh.c

... is actually old & very well known by the maintainer! there is a bug report for exactly this that is 3 years and 124 days old! http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165505 I can also add my report to this bug and mention that we need a fixed version for our xen packages, but as it looks for me (at the moment) the maintainer is not really interessted in getting this

http://bugzilla.mindrot.org/show_bug.cgi?id=567 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|critical |major Component|Build system |ssh-keygen Summary|pb at the end of compil with|ssh-keygen: DH parameter

Hi. I've got the following problem with our SSH client library: - client connects to OpenSSH 5.9+ server and they choose hmac-sha2-512 with diffie-hellman-group-exchange-sha256. - client sends MSG_KEX_DH_GEX_REQUEST DH group request with parameters (1024, 1024, 8192). I.e. minimum and preferred group size is 1024-bit, - OpenSSH server in kexgexs.c:kexgex_server processes this message and

With the default openssh configuration, the selected cipher is aes128-ctr. This means that dh_estimate gets called with bits=128, so dh_estimate selects a DH modulus size of 1024 bits. This seems questionable. Since the NSA seems to be sniffing most internet traffic, keeping SSH sessions secure against after-the-fact offline attack matters, and 1024-bit DH is not convincingly secure against

Hi! Is there any possibility to let dovecot serve >1024 Bit DH Parameters at SSL/TLS-connections? Is it possible to replace /var/lib/dovecot/ssl-parameters.ssl with DH-parameter generated by openssl? If not: Are there any plans to implement that? Thank you!

I'm using SSL for dovecot, and dovecot kindly warned me on startup that I needed the ssl_dh parameter, which I specified: # grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf ssl_dh = </etc/dovecot/dh.pem And I generated the file, as specified in the comment: # openssl dhparam -out /etc/dovecot/dh.pem 4096 The file contains the appropriate headers: # grep -P '^\-'