Displaying 20 results from an estimated 300 matches similar to: "Dovecote 1.2.17 poodle"
2012 Mar 20
1
IMAP and POP3 per SSL
Hi!
I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before.
Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server.
The security scanner found an error regarding a new SSL security leak named "BEAST". The
2003 Apr 11
2
How often should an encrypted session be rekeyed?
Using OpenSSL, is there a preferred/recommended rate of rekeying an
encrypted stream of data? Does OpenSSL handle this for developers
behind the scenes? Does it even need to be rekeyed?
Thanks in advance. -sc
--
Sean Chittenden
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 202 bytes
Desc: not available
2011 Oct 13
1
[PATCH] Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low
# HG changeset patch
# User Cristian Rodr?guez <crrodriguez at opensuse.org>
# Date 1318533592 10800
# Node ID c15d6befe20082009cb40926afa208ab4b684818
# Parent 962df5d9413a4a0fcc68aacc1df0dca7a44a0240
Use SSL_MODE_RELEASE_BUFFERS if available to keep memory usage low.
diff -r 962df5d9413a -r c15d6befe200 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Wed
2017 Sep 13
2
[RFC master-2.2 0/1] Support OpenSSL 1.1 API for setting allowed TLS versions
Hi,
I came up with the following patch while trying to figure out a good solution
for the situation described in Debian bug #871987[1]. In short, OpenSSL in
Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that
unless an application requests otherwise, only TLSv1.2 is supported. In the
world of e-mail this is seemingly an issue, as there are still way too many old
clients
2012 Mar 08
1
disabling SSLv2 in dovecot 1.2.17
I've set up a list of ciphers that excludes SSLv2 ciphers (and other weak
ones) in the hope of preventing SSLv2 connections:
ssl_cipher_list = TLSv1+HIGH : !SSLv2 : RC4+MEDIUM : !aNULL : !eNULL : !3DES
: @STRENGTH
However, this doesn't prevent the SSLv2 connection being allowed as our Nessus
scans show and I'm tasked with trying to plug that "hole".
I see Dovecot2 had
2013 Sep 10
2
dovecot and PFS
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, with cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2015 Apr 17
2
Disable SSLv3 in sendmail in CentOS 5
RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes
sendmail-8.13.8-ssl-opts.patch which adds support for disabling SSLv3 and
SSLv2 in sendmail.cf
But as far as I can see there is no support in sendmail.mc - I can't see
how to compile sendmail.mc to get the required line ServerSSLOptions in
sendmail.cf
Does anyone know how to do this ?
--
Andrew Daviel, TRIUMF, Canada
2015 Jul 04
1
sendmail tls and oppenssl
Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>:
> On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote:
>> Everyone,
>>
>> Looks like the new version of oppenssl has broken my sendmail's use
>> of
>> tls. Has anyone else had this problem or seen a fix?
>>
>> Greg Ennis
>>
2010 Oct 01
4
Patching openssl rpms
Running CentOS release 5.5.
I'm trying to update or patch an SRPMS file, specifically
openssl-0.9.8e-12.el5_4.6.src.rpm.
Basically, I'm trying to change one line in the source, in ssl/ssl.h. I create
a "diff ?u" file called openssl-ssl-h.patch.
I then edit the openssl.spec file, and add 2 lines to that in the appropriate
place:
Patch88: openssl-ssl-h.patch
And
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Good Day All
Sorry if this is a repeated email, but I need some information about how to
disable SSL on a Samba4.2.2 AD domain controller as the nessus scanner is
reporting the POODLE vulnerability and we are not allowed to have any of
that in our environment.
the nessus scan reports poodle vulnerability on all these ports:
443, 636, 3269
I had a look at previous posts but couldn't find a
2015 Jul 08
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Thanks Kelvin
I'm a bit confised tho, is this patch already avaiable? if yes, what is the
parameter that disable ssl into the smb.conf? Maybe the guys from
Enterprise samba have already included the patch into their releases so
it's just a maatter of enabling the flag.
I'm using sernet-samba-4.2.2
Thanks!
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
Hi all,
As I reported earlier (with a typo in the work [BUG]) client
certification validation *does not* work even if you do everything
exactly according to all documentation and attempts at helpful advice.
I have seen this issue with both startssl.com and self-signed
certificates, and based on what I've seen from searching the web, this
is a problem that has gotten little attention because
2018 Jul 29
4
2.3.2.1 - EC keys suppport?
>> facing [ no shared cipher ] error with EC private keys.
> the client connecting to your instance has to support ecdsa
>
>
It does - Thunderbird 60.0b10 (64-bit)
[ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
It seems there is a difference between the private key (rsa vs. ecc ->
SSL_CTX?) used for the certificate signing request and the signed
certificate.
The csr
2007 Jun 11
2
SSL_CTX_set_info_callback problem in latest source
In the file ./src/login-common/ssl-proxy-openssl.c appears the code:
if (verbose_ssl)
SSL_CTX_set_info_callback(ssl_ctx, ssl_info_callback);
It appears the SSL_CTX_set_info_callback symbol only occurs in the
openssl development branch starting with 0x00909000L as this symbol
is missing from openssl 0.9.8b and 0.9.8e (no check of the latest
nightly snapshot of the stable 0.9.8 branch).
2017 Aug 26
3
[PATCH] Add support for lower TLS version than default
The openssl library in Debian unstable (targeting Buster) supports
TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0.
If the admin decides to also support TLS1.[01] users he can then enable
the lower protocol version in case the users can't update their system.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
src/config/all-settings.c
2014 Oct 16
1
POODLE on CentOS
The following updates address POODLE on CentOS:
CentOS-5:
http://lists.centos.org/pipermail/centos-announce/2014-October/020696.html
CentOS-6.5:
http://lists.centos.org/pipermail/centos-announce/2014-October/020697.html
CentOS-7:
http://lists.centos.org/pipermail/centos-announce/2014-October/020695.html
Please note that the CentOS-6.5 updates are built from:
openssl-1.0.1e-30.el6_5.2.src.rpm
2014 Oct 17
1
POODLE and TLSv1
I read this on the RHN commentary respecting cve-2014-3566:
https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/:
. . .
The first aspect of POODLE, the SSL 3.0 protocol vulnerability, has already
been fixed through iterative protocol improvements, leading to the current TLS
version, 1.2. It is simply not possible to address this in the context of the
SSL 3.0
2014 Nov 04
2
Samba 4 - disabling SSLv3 to mitigate POODLE effects
Hi all,
Am trying to find a way to disable SSLv3 protocol in smb.conf on Samba4.
I am using the following:
tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =
With a self-signed cert.
But when I remote connect from another host using:
openssl s_client -showcerts -connect samba4-dc:636 -ssl3
I get a successful
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
# HG changeset patch
# User David Hicks <david at hicks.id.au>
# Date 1373085976 -36000
# Sat Jul 06 14:46:16 2013 +1000
# Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e
# Parent 1fbac590b9d4dc05d81247515477bfe6192c262c
login-common: Add support for ECDH/ECDHE cipher suites
ECDH temporary key parameter selection must be performed during OpenSSL
context initialisation before ECDH and
2019 Jun 07
1
Problem with opusfile & ndk
Hi Xiph.org Team.
We are using opusfile library <https://github.com/xiph/opusfile> for
streaming *.opus* audio in our projects.
But now we have a problem with building opusfile library for android with
*ndk-build*.
In particular, with arm64-v8a platform: Google removed <sys/timeb.h> from
android.
And now building opusfile with nkd-build crashes with error "fatal error: