similar to: TLSv1.2 support for lftp on CentOS 6.x

On 08/02/2016 06:11 AM, Olivier BONHOMME wrote: > Hello everybody, > > I am writing on that mailing list because I have an issue using lftp and I would > love to have more infos about features available on the LFTP version provided by > CentOS 6. > > I try to connect to a ftp server in secured mode using FTPS explicit and I would > love to use TLSv1.2. > > After

On Tue, Aug 02, 2016 at 07:36:02AM -0500, Johnny Hughes wrote: > The latest lftp in CentOS-6.8 is version: lftp-4.0.9-6.el6_8.2. It was > built on July 12, 2016. > > That was built with nss-3.21.0-8.el6 in the build root. > > If you have the latest installed, it would seem that it should be able > to work. > Hello Johnny, Thanks for your answer. On my system, I'm

On Tue, Aug 02, 2016 at 02:13:31PM +0100, Tom Grace wrote: > On 02/08/2016 12:11, Olivier BONHOMME wrote: > > So my question is : Can lftp provided by CentOS (of course last version in the > > 6.x branch), do TLSv1.2 connection ? > It may not be related, but in the past I have needed to rebuild libNSS > and Curl in CentOS 6 due to an upstream patch the explicitly disabled

On Tue, Aug 02, 2016 at 03:29:07PM +0000, Olivier BONHOMME wrote: > On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote: > So the question is: Is that behaviour can be considered as an lftp bug or not ? Hello again, Just answering to myself and the list for a conclusion. lftp in CentOS uses the default priority provided by gnutls and it's not possible to override it in

On 02/08/2016 12:11, Olivier BONHOMME wrote: > So my question is : Can lftp provided by CentOS (of course last version in the > 6.x branch), do TLSv1.2 connection ? It may not be related, but in the past I have needed to rebuild libNSS and Curl in CentOS 6 due to an upstream patch the explicitly disabled TLSv1.2 in the default list of supported versions. As I recall, this was done to

On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote: > Hello Tom, > > It's indeed an interesting way. I didn't think about something just disabled. I > browsed, gnutls rpm changelog and I saw this : > > * Thu May 3 2012 Tomas Mraz <tmraz at redhat.com> 2.8.5-7 > - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default) > > So

Hello again! I have this piece od code: ##################### #lftp will make the backup lftp -u user,password -e "mirror --reverse --delete --only-newer --verbose /var/bkp /test_bkp" somehost.com >> $LOGFILE # end log file date >> $LOGFILE echo "Backup Completo!" >> $LOGFILE ##################### Everything is fine, but the bash scrip dosn't complete

As you might know, LFTP is a popular FTP/SFTP command-line client for most systems. One feature that is lacking from this tool is the ability to do a globbed ls via sftp. I have a patch ready for LFTP that incorporates some of the knowledge [like oddball systems glob() handling] and some of the code from sftp-glob.c for this tool to add this capability. I do, however, have some questions about

Greetings, I have written a script using lftp to mirror one directory from a ftp site. I do not have access to the server except for being a humble user. This is running on a fully updated Centos 5.3 box. I am using whatever is provided by the repositories. I noticed that lftp consumes almost all of cpu times I found this while searching for a solution.

i've maintained a local centos repository at work using rsync, but it seems the corp honchos have decided to block rsync at our firewall, plus its never been 100% reliable, I'd get aborts on protocol errors sometimes several times before pulling down a complete new distro update. i'm trying to figure out how to do this with lftp, and its got me somewhat stymied. I'm testing

I've spent days scouring the Internet and trying various solutions on a problem with my Dovecot installation, so I thought I'd share what I learned in hopes of saving other people a lot of time.? The dedicated Dovecot hands will know all of the following already.? This is for those of us that have to cover a lot of bases. I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu

Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > On 12/1/2014 4:43 PM, Will Yardley wrote: > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > > (in a way that's sane)? > > > Is there a way to exclude these ciphers, while still keeping my config > > easy to parse and avoiding duplicative or deprecated configs? > >

I read this on the RHN commentary respecting cve-2014-3566: https://securityblog.redhat.com/2014/10/15/poodle-a-ssl3-vulnerability-cve-2014-3566/: . . . The first aspect of POODLE, the SSL 3.0 protocol vulnerability, has already been fixed through iterative protocol improvements, leading to the current TLS version, 1.2. It is simply not possible to address this in the context of the SSL 3.0

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:

On 2015-04-26 18:15, Philipp Schafft wrote: > I tested with both Mozilla's 'Modern' and 'Intermediate' list. Both > work well with all versions of Icecast (official) as well as current -kh. > In that case my suggestion is for libshout to only focus on using the Modern list then as it explicitly excludes DES and RC4 and MD5. While HMAC-MD5 (for some password uses)

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Hello all, I'm trying to compile dovecot 2.2.21 on OS-X 10.11.3 and I'm running a bit of trouble with OpenSSL. I've cloned OpenSSL (OpenSSL 1.1.0-pre4-dev) from github and in openssl/ssl.h SSL_TXT_SSLV2 is not defined anymore. Compilation fails with: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`