similar to: POODLE and TLSv1

Hi, I can no longer connect to Dovecot (IMAP). The connection is terminated by Dovecot after Client Helo. My server: Dovecot 2.3.3 Debian buster/sid Architecture: ppc My problems started in late August after upgrading Dovecot. SSL settings: ssl_dh = </etc/ssl/dh2048.pem ssl_min_protocol = TLSv1.2 ssl_cipher_list =

Hello, I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections. My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list =

I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to specify?

On 16/7/20 5:54 am, Benny Pedersen wrote: >>> FWIW I meant if the client is Windows7/old-Outlook then changing >>> either 993/SSL or 143/STARTTLS to 143/NONE could help pick up the >>> mail. > > windows 7 just need tls 1.0, why its need to disabled all, is as well > beyong me, do not disable tls 1.0 in dovecot aslong one have windows > 7 clients Would anyone

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

Is there a script available that will automatically update the apache configs from CentOS 7 to "pass" the latest "vulnerability scans" by removing the older cyphers like TLSv1.0 protocol: and others that get flagged by vulnerability scans ??? Thanks, Jerry

Stop paranoia? Tlsv1.0 is not recommended when storing credit card data. Eero Hi List, Does anyone know why the above URL is still using TLS V1.0. I can't connect to it unless I enable TLS V1.0 which I was under the impression that it should not be used anymore. Thanks for any enlightenment. Steve -- _______________________________________________ CentOS mailing list CentOS at

Am 02.12.2014 um 17:33 schrieb Darren Pilgrim: > On 12/2/2014 1:32 AM, Reindl Harald wrote: >>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH >>>> ssl_dh_parameters_length = 2048 >>>> ssl_parameters_regenerate = 0 >>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2 >>> >>> But why does ssl_protocols behave

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 31/05/2020 07:36 Mark Constable <<a href="mailto:markc@renta.net">markc@renta.net</a>> wrote: </div> <div> <br>

On 5/31/20 11:54 AM, Aki Tuomi wrote: > >> On 31/05/2020 07:36 Mark Constable <markc at renta.net >> <mailto:markc at renta.net>> wrote: >> >> >> I currently use Ubuntu 20.04 with Dovecot 2.3.7.2 and OpenSSL 1.1.1f. >> >> A few months ago there was an update to all these systems and since >> then I've had to talk W7 and old Mac

The init functions are not longer required in OpenSSL 1.1 so I dropped them. TLSv1_client_method() should not be used because it enables only the TLSv1.0 protocol. Better is to use SSLv23_client_method() which enable all the protocols including TLSv1.2. With this functions SSLv2 and SSLv3 is theoretically possible but as of today those protocols are usually build-time disabled. To avoid all this

On Fri, 25 Mar 2016 16:50, Eero Volotinen wrote: > > Stop paranoia? Tlsv1.0 is not recommended when storing credit card data. > > Eero > Hi List, > > Does anyone know why the above URL is still using TLS V1.0. > > I can't connect to it unless I enable TLS V1.0 which I was under the > impression that it should not be used > anymore. > > Thanks for any

You should 'yum update' as soon as possible to resolve this issue. Here's why you should care: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Links to the centos updates: CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-September/020582.html CentOS-6:

All; I have a Fedora 26 server that I am trying to compile asterisk-certified-13.13-cert6 on. However, I'm getting the following errors. I'm also having a tough time trying to compile Dahdi. I'm not sure what I'm missing, but if anyone else is running Fedora, I'd really appreciate any help at all. Thanks Much; John V. make[1]: Leaving directory

Hi, I came up with the following patch while trying to figure out a good solution for the situation described in Debian bug #871987[1]. In short, OpenSSL in Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that unless an application requests otherwise, only TLSv1.2 is supported. In the world of e-mail this is seemingly an issue, as there are still way too many old clients

The following updates address POODLE on CentOS: CentOS-5: http://lists.centos.org/pipermail/centos-announce/2014-October/020696.html CentOS-6.5: http://lists.centos.org/pipermail/centos-announce/2014-October/020697.html CentOS-7: http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html Please note that the CentOS-6.5 updates are built from: openssl-1.0.1e-30.el6_5.2.src.rpm

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, As most of you already know, there is an important SSLv3 vulnerability (CVE-2014-3566 - see https://access.redhat.com/articles/1232123) , known as Poodle. While it's easy to disable SSLv3 in the allowed Protocols at the server level (for example SSLProtocol All -SSLv2 -SSLv3 for apache), some clients are still defaulting to SSLv3, and Koji

I have file a bug and modified the source code to make samba4 do not use SSLV3, but I am not able to make a patch to this. https://bugzilla.samba.org/show_bug.cgi?id=11076 -----Original Message----- From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Mario Pio Russo Sent: Wednesday, July 08, 2015 4:48 PM To: samba at lists.samba.org Subject: [Samba] Samba

Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>

Hi all, Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4. I am using the following: tls enabled = yes tls keyfile = tls/myKey.pem tls certfile = tls/myCert.pem tls cafile = With a self-signed cert. But when I remote connect from another host using: openssl s_client -showcerts -connect samba4-dc:636 -ssl3 I get a successful