similar to: disabling certain ciphers

Displaying 20 results from an estimated 1000 matches similar to: "disabling certain ciphers"

2014 Dec 02
4
disabling certain ciphers
On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > On 12/1/2014 4:43 PM, Will Yardley wrote: > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > > (in a way that's sane)? > > > Is there a way to exclude these ciphers, while still keeping my config > > easy to parse and avoiding duplicative or deprecated configs? > >
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a
2014 Dec 02
2
disabling certain ciphers
On Tue, Dec 02, 2014 at 08:34:50AM -0800, Darren Pilgrim wrote: > On 12/1/2014 9:44 PM, Will Yardley wrote: > > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > >> On 12/1/2014 4:43 PM, Will Yardley wrote: > >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config > >>> (in a way that's sane)? > >> >
2018 Oct 06
1
TLS handshake failure - Client Helo rejected
Hi, I can no longer connect to Dovecot (IMAP). The connection is terminated by Dovecot after Client Helo. My server: Dovecot 2.3.3 Debian buster/sid Architecture: ppc My problems started in late August after upgrading Dovecot. SSL settings: ssl_dh = </etc/ssl/dh2048.pem ssl_min_protocol = TLSv1.2 ssl_cipher_list =
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 10:05 AM, Will Yardley wrote: > I had some problems the first few times I restarted with ssl-params > seeming to hang, but it finally works. That would have been dovecot generating the 4096-bit DH parameters. It can take a bit, but Dovecot is quite fast at it. If Dovecot supported it, you could use OpenSSL to generate tested-safe DH parameters and supply them by file the
2015 Jan 16
4
Outlook and TLSv.1
Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem
2017 Jan 17
3
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend? Thanks! -- Jerry
2015 May 26
6
FREAK/Logjam, and SSL protocols to use
List, good afternoon, I was reading up on a TLS Diffie Hellman protocol weakness described here https://weakdh.org/sysadmin.html which is similar to the earlier FREAK attack, and can result in downgrade of cipher suites. Part of the solution workaround that the researchers describe for Dovecot here https://weakdh.org/sysadmin.html includes altering DH parameters length to 2048, and
2014 Dec 02
0
disabling certain ciphers
Am 02.12.2014 um 06:44 schrieb Will Yardley: > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >> On 12/1/2014 4:43 PM, Will Yardley wrote: >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>> (in a way that's sane)? >> >>> Is there a way to exclude these ciphers, while still keeping my config >>>
2014 Dec 02
0
disabling certain ciphers
On 12/1/2014 9:44 PM, Will Yardley wrote: > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >> On 12/1/2014 4:43 PM, Will Yardley wrote: >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>> (in a way that's sane)? >> >>> Is there a way to exclude these ciphers, while still keeping my config >>> easy
2014 Sep 19
0
Firefox-31 STARTTLS cipher strengh degraded?
Has anyone else experienced a degraded symmetric key exchange when using FF-31 vice FF24? When I use FF24 then I get a symmetric type of AES-256 (Very Strong) rating in Calomel 0.62. When I switch to FF31 and connect to exactly the same server host and url then in Calomel 0.62 I see this instead: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (Very Weak). I am not altering any of the configuration options
2015 Apr 02
4
EL6 EE package dependencies
I've been trying to upgrade Dovecot-ee package (on EL6/x86_64) from 2.2.15.8-1 to 2.2.16.2-1. It's complaining on these two dependencies: liblz4.so.1 libtextcat.so.0 These would both seem to be related to plugins, and don't seem to be required as package dependencies by the RPM from what I can see from the SRPM. Anyone know what packages I need to satisfy these dependencies?
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.
2017 Jan 31
3
Dovecot auth-worker error after cram-md5 auth
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail
2014 Dec 02
0
disabling certain ciphers
On 12/1/2014 4:43 PM, Will Yardley wrote: > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > (in a way that's sane)? > Is there a way to exclude these ciphers, while still keeping my config > easy to parse and avoiding duplicative or deprecated configs? Yes to both. If you need to support older clients: ssl_cipher_list =
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote: > Hi, > > I don't see any SSL configuration option in Dovecot to disable > "Client-initiated secure renegotiation". > > It is advised to disable it as it can cause DDoS (CVE-2011-1473). > > Is it possible to have this possibility through an SSL option or other ? > > Thank you. > > Florent ssl_protocols = !SSLv3
2015 Apr 02
1
EL6 EE package dependencies
On Thu, Apr 02, 2015 at 02:53:26PM -0600, Eric Broch wrote: > On 4/2/2015 1:22 PM, Will Yardley wrote: > > I've been trying to upgrade Dovecot-ee package (on EL6/x86_64) from > > 2.2.15.8-1 to 2.2.16.2-1. It's complaining on these two dependencies: > > > > liblz4.so.1 > > libtextcat.so.0 > > > > These would both seem to be related to plugins,
2017 Feb 01
3
Dovecot auth-worker error after cram-md5 auth
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism
2017 Apr 27
2
confused with ssl settings and some error - need help
Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi