similar to: Possible to force cipher order?

Displaying 20 results from an estimated 10000 matches similar to: "Possible to force cipher order?"

2014 Dec 02
0
disabling certain ciphers
Am 02.12.2014 um 17:33 schrieb Darren Pilgrim: > On 12/2/2014 1:32 AM, Reindl Harald wrote: >>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH >>>> ssl_dh_parameters_length = 2048 >>>> ssl_parameters_regenerate = 0 >>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2 >>> >>> But why does ssl_protocols behave
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes: >> Mine are below and they work just fine: >> >> ssl_cipher_list = >>
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =
2020 Jun 12
1
Read-flag of mails don't update
Am 11.06.20 um 18:08 schrieb @lbutlr: > On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote: >> On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: >>> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. >> >> Apologies, I did not see the attachments. Will
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can
2020 Jun 28
2
SSL-Question
my ERROR.log show: [2020-06-28 07:54:24] INFO main/main.c Icecast 2.4.4 server started [2020-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration [2020-06-28 07:54:24] INFO yp/yp.c YP update thread started [2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help! Trying to set your same parameters, when restarting dovecot, gives the error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 136: Unknown setting: ssl_prefer_server_ciphers doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 136: Unknown setting:
2018 Mar 08
2
Extra intermediate certificate when using ssl_alt_cert
I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 8:12 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Hi, > To default dovecot.conf file I added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 >
2017 Apr 27
0
confused with ssl settings and some error - need help
> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:07 schrieb ml at ruggedinbox.com: > Hi all, when hardening dovecot against the POODLE vulnerability, > we followed the advise to disable SSL2 and SSL3 > but this is giving problems with some email clients (claws-mail). > > ssl_protocols = !SSLv2 !SSLv3 > > results in the following error: > > dovecot: pop3-login: Disconnected (no auth attempts in 1
2017 Apr 27
2
confused with ssl settings and some error - need help
Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi
2017 Mar 20
1
Deploying Diffie-Hellman for TLS
I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:58 schrieb ml at ruggedinbox.com: > Hi thanks for your help! > Trying to set your same parameters, when restarting dovecot, gives the > error: > > doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf > line 136: Unknown setting: ssl_prefer_server_ciphers > doveconf: Error: managesieve-login: dump-capability process returned 89 >
2017 Aug 23
0
socketpair failed: Too many open files on Debian 9
You probably need to increase ulimit -n Aki On 23.08.2017 14:10, Patrick Westenberg wrote: > Hi @all, > > after re-installing one of my two frontends/proxy-servers I get the > following error messages after some time (sometimes after 1h, sometimes > after 24h): > > > 11:23:55 imap-login: Error: socketpair() failed: Too many open files > 11:23:55 imap-login: Error:
2017 Aug 23
0
socketpair failed: Too many open files on Debian 9
Hello, are you using systemd? May be you have to edit unit-file for dovecotservice and increase filelimit LimitNOFILE=infinity Hajo Am 23.08.2017 um 14:21 schrieb Patrick Westenberg: > I haven't done this on the old, working machine. > > So there must be a difference between Debian 7 and 9 how open files are > handled? > > Regards > Patrick > > > > Aki
2017 Apr 27
0
confused with ssl settings and some error - need help
I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test still gives errors: Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:07
2018 Dec 09
0
"no shared cypher", no matter what I try
On Sat, 2018-12-08 at 11:03 +0100, Marco Fioretti wrote: > Greetings, > I have had to reinstall my email server on another Linux (centos 7.6) > VPS, with a newer version of dovecot, other software and a brand new > letsencrypt certificate just for email withpostfix and dovecot (that > certificate works fine with postfix). Output of dovecot --version and > dovecot -n on the new
2020 Jun 11
0
Read-flag of mails don't update
On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote: > On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: >> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. > > Apologies, I did not see the attachments. Will look on a real screen later. Looks like your main