Displaying 20 results from an estimated 1000 matches similar to: "New FREAK SSL Attack CVE-2015-0204"
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
On 04.03.2015 18:19, Emmanuel Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is
2013 Sep 10
2
dovecot and PFS
Hi
Is there known advices on how to favor PFS with dovecot?
In Apache, I use the following directives, which cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
> Hello,
> about the CVE-2015-0204, in apache the following config seems to disable
> this vulnerability:
> SSLProtocol All -SSLv2 -SSLv3
> SSLCipherSuite
> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>
> Is something similar possible with dovecot ?
I use this with some success:
# dovecot
2015 Jan 26
3
Apache and SSLv3
Hi list,
I'm configuring apache with https and I've a question about sslv3
deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128)
Mac=AEAD
.........
Each lines report relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote:
>
>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote:
>>
>> The site is rated "C"
>
> The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date.
>
>
2017 Jan 17
3
Correct settings for "ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
> Thank you for the answer.
> The "!EXPORT" part is included in "ECDH@STRENGTH:DH@STRENGTH:HIGH", or it
> must be added as well ?
This is not the cipher list I sent. It was:
ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL
Mine does not contain any export cipher, yours does.
You can
2017 Apr 26
4
Apache + SSL: default configuration rated "C" by Qualys Labs
Hi,
I'm currently experimenting with a public server running CentOS 7. I
have half a dozen production servers all running Slackware Linux, and I
intend to progressively migrate them to CentOS, for a host of reasons
(support cycle, package availability, SELinux, etc.) But before doing
that, I have to figure out a few things that work differently under
CentOS. Apache and SSL behave quite
2020 Jan 10
2
Dovecot HA/Resilience
Also you should probably use dovecot director to ensure same user sessions end up on same server, as it's not supported to access same user on different backends in this scenario.
Aki
> On 10/01/2020 19:49 Adrian Minta <adrian.minta at gmail.com> wrote:
>
>
>
> Hello,
>
> you need to "clone" the first server, change the ip address, mount the same
2020 Jan 10
3
Dovecot HA/Resilience
Thank you all for the replies....
I have the test environment with the same configuration. But I have been
asked to go with same environment for HA/Resilience in Live.
Yes, I have only one Live server. It is configured in "Maildir" format. The
data stores on a Network / Shared Storage (But definitely not local disk,
its a mount point).
I have been asked to create a HA/Resilience for
2015 May 26
6
FREAK/Logjam, and SSL protocols to use
List, good afternoon,
I was reading up on a TLS Diffie Hellman protocol weakness described here
https://weakdh.org/sysadmin.html
which is similar to the earlier FREAK attack, and can result in
downgrade of cipher suites.
Part of the solution workaround that the researchers describe for
Dovecot here
https://weakdh.org/sysadmin.html
includes altering DH parameters length to 2048, and
2013 May 05
5
dovecot 2.2.0 corrupts mailboxes?
Hi
On April 17th, I upgraded from dovecot 2.1.13 to 2.2.0. Since that time,
I had two different users that reported received three incident of
messages that disappeared from their mailboxes.
The mailbox format is mbox on local FFS filesystem (no NFS), and I use
filesystem quotas (but both users are far from filling their quotas).
When the message disappeared, it was always a whole rand of dates.
2016 Feb 29
4
Problems with ProxyPass to a local ip (using SSL)
Hi all,
I am trying to setup an apache virtualhost under CentOS 6.7 that needs to redirects requests from port 444 to port 5100 in its local ip. But I am doing some mistakes because every time I'm receiving a loop error.
My actual httpd's config for this virtualhost is:
NameVirtualHost 192.168.1.5:444
<VirtualHost 192.168.1.5:444>
ServerName myweb01.local.domain
ErrorLog
2020 Jan 11
1
Dovecot HA/Resilience
If you just want active/standby, you can simply use corosync/pacemaker as other already suggest and don't use Director.
I have a dovecot HA server that uses floating IP and pacemaker to managed it, and it works quite well.
The only real hard part is having a HA storage.
You can simply use a NFS storage shared by both servers (as long as only one has the floating IP, you won't have issue with the
2009 Sep 20
2
SSL and virtual hosts?
Hi,
I successfully managed to use SSL on a local webserver for testing
purposes, following the section "Using SSL" in the Chapter "Using
Apache" of the "Definitive Guide to CentOS". Now I wonder: how can I use
SSL with virtual hosts?
I have several virtual hosts defined. Let's say I want to use SSL with
this one:
<VirtualHost *:80>
ServerAdmin info
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
Hi,
I'm currently trying to debug a performance issue I'm having. Therefore I
would need "DEBUG" output. When using one puppetmaster process, this is
fairly easy by starting it like this:
> puppet master --no-daemonize --debug
Now I need to see this debug output when running puppetmaster the way I
usually do - using Apache/Rack/Passenger. After looking
2013 May 30
4
Could not request certificate: Error 405 on SERVER
Hi all,
I have experience using puppet, however I am new to setting puppet up as it
was already done for me in past environments. I am running into an issue
while trying to set puppet up for the first time on RHEL 6.4. I was hoping
y'all might be able to help me!
I get the following error from the puppet client's /var/log/messages log:
May 30 07:06:30 pclient
2009 Aug 26
1
ssl certificate, maximum protection, on the budget?
Hello,
I've got a client who wants to go ssl. He's running a web server,
smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard
ssl certificate i believe it's called but one on the budget plan. I am also
wanting to ensure that the mod_ssl with httpd on the server is only using
the strongest encryption methods and protocols.
Thanks.
Dave.
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
I downloaded the puppet-dashboard.git from
http://github.com/puppetlabs/puppet-dashboard and did the installation
in my
ubuntu lucid puppet server following the steps in "Installation".
Now I can run it fine using the WEBrick like this
root@sys-ubuntu { ~/git/puppet-dashboard }$ ./script/server -e production
=> Booting WEBrick
=> Rails 2.3.5 application starting on
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
Hi!
I've installed puppetmaster 2.7.13 on a server with CentOS 6.2 with a rpm
supplied by yum.puppetlabs.com.
I've setup a apache2 vhost with mod_ssl and passenger. The server is
configured to autosign the cert requests.
The agent installed on the puppetmaster's server works fine. I've a second
agent on a server which can sync with the server too. This