Displaying 20 results from an estimated 7000 matches similar to: "TLSv1.3 support?"
2017 May 11
0
TLSv1.3 support?
On 5/11/2017 1:13 PM, Walter H. wrote:
>
> will the next update of CentOS 6 (6.10) have TLSv1.3 support?
A) Ask Red Hat, I see no date for RHEL 6 update 10 yet. update 9
released 6 or 8 weeks ago, so it's likely 3-4 months before update 10
releases.
B) afaik, TLS v1.3 hasn't even been ratified yet, it's still a draft
C) openssl v.1.1.1 which is supposed to support TLS v1.3(draft)
2020 May 09
1
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
>
> There is no need to disable TLSv1.3 and attempts to do so will be flagged as "downgrade attacks".
Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for
its entirety of this thread.
If the ciphersuite (not cipher for that's a TLSv1.2 term), but a
2020 May 08
2
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I have an operational need to disable TLSv1.3 due to inadequate support
to exclude certain ciphers.
Much to my dismay, the `ssl_protocols` had been renamed and
re-functionalized into `ssl_min_protocol`.
Now, there is no way to exclude a specific group of one or more TLS
versions.
For a new bug report, I think we need two new settings:
* `ssl_tls13_ciphersuite` and
* `ssl_tls10_cipher`
2020 Apr 13
2
Unable to set ssl_min_protocol=TLSv1.3
Good $daytime,
as per the recommendations of Mozilla's SSL config generator[0], I
wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This
produced the error:
imap-login: Error: Failed to initialize SSL server context: Unknown
ssl_min_protocol setting 'TLSv1.3'
After some digging, I found the function that parses this setting in
2020 May 08
1
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
I cannot even reorder the server-side TLSv1.3 such that CHACHA20 has
first-order before AES.
https://github.com/openssl/openssl/issues/7562
2020 May 09
0
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
On 08 May 2020, at 09:43, Steve Egbert <s.egbert at sbcglobal.net> wrote:
> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers.
There is no need to disable TLSv1.3 and attempts to do so will be flagged as "downgrade attacks".
> Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`.
>
2020 Apr 13
0
Unable to set ssl_min_protocol=TLSv1.3
> On 13/04/2020 12:35 Thomas Schneider <qsx at chaotikum.eu> wrote:
>
>
> Good $daytime,
>
> as per the recommendations of Mozilla's SSL config generator[0], I
> wanted to set ssl_min_protocol=TLSv1.3 in my dovecot config. This
> produced the error:
>
> imap-login: Error: Failed to initialize SSL server context: Unknown
> ssl_min_protocol setting
2020 May 08
0
Unable to disable TLSv1.3 or fallback to TLSv1.2 when 1 cipher is disabled
Also, more testimony to the same problem (by others) is posted over at
ServerFault (StackOverflow):
https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2
On 5/8/20 11:50 AM, Steve Egbert wrote:
> I have an operational need to disable TLSv1.3 due to inadequate support
> to exclude certain ciphers.
>
> Much to my dismay, the `ssl_protocols` had been
2020 Apr 30
2
Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
Evolution, on the exact same system, is working fine with the same
accounts. Tried recreating the Dovecot cert and also the thunderbird
accounts from scratch. The OpenSSL raw client works fine as well.
Would someone also confirm the openssl commands to create a selfsigned
cert for dovecot imaps. The cert created does work
2020 Sep 24
3
dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?
I've installed
grep PRETTY /etc/os-release
PRETTY_NAME="Fedora 32 (Server Edition)"
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
iiuc, Dovecot has apparently had support for setting TLS 1.3 ciphersuites since v2.3.9, per this commit
lib-ssl-iostream: Support TLSv1.3 ciphersuites
2019 Nov 26
2
ssl_min_protocol = TLSv1.3 does not work
Hi all,
I'm trying to set up my server with support for TLS 1.3 only, but that does
not seem to be supported.
First off, TLS 1.3 itself does work fine, so it's not the config or ssl
library, and 1.3-only works fine with Postfix. The problem is only in
disabling TLS 1.2 for Dovecot.
On connection, I'm getting an error that 1.3 is an "Unknown
ssl_min_protocol setting".
Reading
2020 Apr 30
5
Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
Hello,
This is a selfsigned cert. Both of the below methods were used.
May I ask for 1. pointer to info setting up "intermediate certs" and
where the certfile goes?
The objective is to generate a self-signed cert and use it for just
internal use with IMAPS dovecot.
Separately, what are your thoughts as to why evolution works and
thunderbird does not?
Thank you,
==1
openssl
2020 Apr 30
4
Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
I would expect the public cert to be imported as a "server" not an "auth"
The attached image shows that TBird wants an httpS url for a webserver,
for the source.
Ages ago, I think it prompted for "do you want to trust this new cert"
and YES added it (assuming that is the public key) to the server list.?
A bit confused by this.
<see attached thunderbird
2017 May 30
3
IPv6 addresses order (CentOS6)
Hello,
in /etc/sysconfig/network-scripts/ifcfg-eth0 I have this
<ifcfg-eth0>
...
IPV6INIT=yes
IPV6ADDR=prefix::5
IPV6ADDR_SECONDARIES="prefix::2 prefix::3 prefix::4"
IPV6_AUTOCONF=no
IPV6_DEFAULTGW=prefix::1
IPV6_DEFAULTDEV=eth0
</ifcfg-eth0>
when I enter ifconfig the IPv6 addresses are in a different order
<ifconfig>
eth0 Link encap:Ethernet HWaddr ...
inet addr:...
2017 Jun 01
2
Upgrade 6 to 7
I found this site https://wiki.centos.org/TipsAndTricks/CentOSUpgradeTool
Is this still the case - there is no upgrade path from 6 to 7 ?
I have a few remote servers I'd like to upgrade (if possible).
Thanks,
Jerry
2016 May 31
3
iptables.service listed as: not-found inactive dead
Hello fellow CentOS users,
on a freshly installed 7.2 machine and after reading
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/chap-Managing_Services_with_systemd.html
I try to enable iptables with following commands:
# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)
# rpm -qa | grep iptables
iptables-1.4.21-16.el7.x86_64
2014 May 26
1
Centos/RHEL 64bit and ARM questions
I am digging a bit into RHEL 7 roadmap info.
It seems there are statements that RHEL 7 will only support 64 bit. Is
this correct, and what for Centos 7?
Also the ARM info I found was the target is ARMv8 which is 64 bit, not
the ARMv7 which is 32bit.
Any clarification is appreciated.
2015 Jun 12
3
centos 7 will not install :(
I have not been able to enter the edit screen to edit the boot
options and add inst.txt
On 06/09/2015 10:55 AM, Jonathan Billings wrote:
> On Tue, Jun 09, 2015 at 09:16:07AM -0700, JD wrote:
>> The screen image I took with my camera can be viewed at
>> https://www.sendspace.com/file/4828ej
>>
>> The questions I have are:
>> why VNC ??? VNC is a horribly insecure
2011 Jul 20
2
how to add file-based disk space to a guest
hi there,
I'm following these documentations to add a file-based disk volume to
a KVM guest under Centos 6.0 :
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/chap-Virtualization-Storage_Volumes.html
as instructed, I created a "pool" then a "volume", file-based, e.g :
mkdir /mnt/raid/kvm_pool1
virsh # pool-define-as pool1 dir - - - -