Displaying 20 results from an estimated 8000 matches similar to: "Disabling SSLv3 protocol"
2016 Nov 15
1
[PATCH] ssl: fix reference to SSLv2 and disable SSLv3
This is driven by the fact that OpenSSL 1.1 does not know about SSLv2 at
all and dovecot's defaults simply make OpenSSL error out with "Unknown
protocol 'SSLv2'"[1]. So we change the defaults to refer to SSLv2 iff OpenSSL
seems to know something about it.
While at it, it's also a good idea to disable SSLv3 by default as well.
[1] https://bugs.debian.org/844347
2018 Jul 29
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
Hello,
I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
In: 10-ssl.conf there are two parameters:
ssl_protocols
ssl_cipher_list
ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?.
If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in
2018 Jul 30
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote:
>
> Am 29.07.2018 um 21:02 schrieb J Doe:
>> Hello,
>> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
>> In: 10-ssl.conf there are two parameters:
>> ssl_protocols
>> ssl_cipher_list
>> ssl_protocols is commented with ?SSL protocol to
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin
I'm a bit confised tho, is this patch already avaiable? if yes, what is the
parameter that disable ssl into the smb.conf? Maybe the guys from
Enterprise samba have already included the patch into their releases so
it's just a maatter of enabling the flag.
I'm using sernet-samba-4.2.2
Thanks!
2015 Mar 20
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
Connecting to dovecot with ssl3 causes imap-login to die:
$ openssl s_client -connect localhost:993 -ssl3
CONNECTED(00000003)
4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure:s3_pkt.c:1461:SSL alert number 40
4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake
failure:s3_pkt.c:645:
---
no peer certificate available
---
No client certificate
2015 Jan 09
4
dovecot on wheezy, best ssl configuration ?
Hi all, when hardening dovecot against the POODLE vulnerability,
we followed the advise to disable SSL2 and SSL3
but this is giving problems with some email clients (claws-mail).
ssl_protocols = !SSLv2 !SSLv3
results in the following error:
dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>,
rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL
2015 Mar 21
2
imap-login SSLv3 causes signal 11, core dump and DoS. ssl_protocols = ??
On 20/03/2015 18:24, Timo Sirainen wrote:
>> Connecting to dovecot with ssl3 causes imap-login to die:
>>
>> Mar 20 11:30:35 MAILHOST dovecot: [ID 583609 mail.crit] imap-login: Fatal: master: service(imap-login): child 21918 killed with signal 11 (core dumped) [last ip=127.0.0.1]
>
> I can't reproduce it. I tried it with the same ssl_* settings you had. Can you get a
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> Am 02.12.2014 um 06:44 schrieb Will Yardley:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a
2014 Dec 02
2
disabling certain ciphers
Can you use both ssl_protocols *and* ssl_cipher_list in the same config
(in a way that's sane)?
ssl_protocols (>= 2.1)
and
ssl_cipher_list
co-exist, or are they mutually exclusive?
I have a Dovecot 2.2.13 system, and I tried setting:
I also tried things like
ssl_cipher_list = HIGH
or
ssl_cipher_list = HIGH:!MEDIUM:!LOW
however, doing this seems to make v3 still work unless I
2014 Dec 02
4
disabling certain ciphers
On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> On 12/1/2014 4:43 PM, Will Yardley wrote:
> > Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> > (in a way that's sane)?
>
> > Is there a way to exclude these ciphers, while still keeping my config
> > easy to parse and avoiding duplicative or deprecated configs?
>
>
2015 Mar 15
2
Dovecot 2.1.7 still accepting SSLv3 though disabled?
Hello,
I came across a strange problem with my Dovecot 2.1.7 installation
(updated Debian Wheezy) in regards to SSL/TLS connections.
My configuration is as follows:
$ dovecot -n | grep ssl
service imap-login {
ssl = yes
...
}
ssl_cert = <......
ssl_cipher_list =
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help!
Trying to set your same parameters, when restarting dovecot, gives the
error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting: ssl_prefer_server_ciphers
doveconf: Error: managesieve-login: dump-capability process returned 89
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting:
2015 Feb 06
2
TLS config check
Hi All
First the essentials:
dovecot --version: 2.2.15
/usr/local/etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert =
</usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt
ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
2015 Feb 02
2
Per-protocol ssl_protocols settings
Hi all,
I have a question regarding the "ssl_protocols" parameter.
I understand that editing the 10-ssl.conf file I can set the
ssl_protocols variable as required.
At the same time, I can edit a single protocol file (eg: 20-pop3.conf)
to set the ssl_protocols for a specific protocol/listener.
I wander if (and how) I can create a different listener for another POP3
instance, for
2015 Feb 09
2
Per-protocol ssl_protocols settings
Sorry for the bump...
Anyone know if it is possible to have multiple protocols instances with
different ssl_protocols settings?
Regards.
On 07/02/15 00:03, Gionatan Danti wrote:
> Hi all,
> anyone with some ideas?
>
> Thanks.
>
> Il 2015-02-02 23:08 Gionatan Danti ha scritto:
>> Hi all,
>> I have a question regarding the "ssl_protocols" parameter.
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Hi all,
Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Good Day All
Sorry if this is a repeated email, but I need some information about how to
disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is
reporting the POODLE vulnerability and we are not allowed to have any of
that in our environment.
the nessus scan reports poodle vulnerability on all these ports:
443, 636, 3269
I had a look at previous posts but couldn't find a
2015 Jan 05
2
'ssl_cipher_list' setting
Hi, I am Yoshi, Japanese.
I used
FreeBSD 10.1
Dovecot 2.2.15
I want pop3s, so I made
/usr/local/etc/dovecot/local.conf
ssl = yes
ssl_cert = </usr/local/etc/dovecot/server.pem
ssl_key = </usr/local/etc/dovecot/server.key
ssl_ca = </usr/local/etc/dovecot/ca.pem
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLV3:!EXP:!aNULL:!RC4
It's work fine.
But, change
2014 Oct 19
3
Dovecote 1.2.17 poodle
Hi, how do I protect dovecot 1.2.17 against poodle?
Br
/Marc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>
2014 Oct 31
1
SSLv3 attack on pop3?
We turned off SSLv3 support on our pop/imap running dovecot on Oct 16th,
we did check that all users where using TLSv1 and there have been no
complaints (except one old windows-phone).
But at 13:00 UTC today, suddenly strange entries is seen in the logfile:
Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3
alert unexpected message: SSL alert number 10
Followed