similar to: Dovecot stops responding when I update SSL certificate

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

Thanks Joseph, Aki, but something missing from upgrade document, where does the dh param file go? I located ssl-parameters.dat so I will put it there. Quoting Joseph Tam <jtam.home at gmail.com>: > On Fri, 22 Jun 2018, Joseph Tam wrote: > >> However, recent advances make this condition obsolete [*] and not >> really safer, so a much faster way to generate a DH key is

Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes: >> Mine are below and they work just fine: >> >> ssl_cipher_list = >>

On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = </usr/local/share/certs/ca-root-nss.crt ssl_cert = </path/to/my/file.pem ssl_key = </path/to/my/file.pem ssl_require_crl = no I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what

> doveadm who -1 2>/dev/null | wc -l You have to redirect stderr to /dev/null because that's where the first header line is written to. The default format style (table) is inconsistent with the other formats (flow,pager,tab) that write headers and data to stdout. The following patch will pick this nit. This patch will require modifications to scripts that rely on doveadm writing

Hi! I'm a new LLVM user. I want to start using the LLVM System v2.3. However, I don't want to spend all my time hunting, pecking, downgrading, and/or upgrading packages to get LLVM v2.3 running. I was wondering which Linux distrubutions(FC7, Ubuntu, NetBSD, etc) have required the least effort out of the box to start running LLVM v2.3. tia, Bernardo Elayda -------------- next part

Am 2017-12-12 um 09:56 schrieb Aki Tuomi: > > > On 12.12.2017 02:59, Jakob Sch?rz wrote: >> Hi! [...] > > With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself. > > You can generate suitable parameters with openssl gendh 2048 (or 4096). > Make sure you run it on something that has plenty of entropy available, > it will take some time.

> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasible. Given the use of random

I see there are still some floating point operations left in the codec init(ialization) code. Changing that code to fixed point is not only difficult (due to the trigonometric functions etc) but may also degrade the precision. Here is an idea whereby we can easily precompute (record) all those values on a powerful processor and then use (replay) them on an embedded processor / DSP. The only

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

S?ren Peter Skou <sps at DanskKabelTV.dk> writes: > I've experienced that IMAP/IMAPS stops responding. To restore service > there is only one way, restart Dovecot completely. This leads to > services being interrupted for some people, so it seems to only affect > some of the users on the server. But POP3/POP3s is still running > happily. Also, it happens more as we

The git master branch starts tracking Dovecot v2.3 development from now on. There are soon going to be several API changes there that might break plugins. If you wish to keep tracking latest v2.2.x development instead, switch to master-2.2 branch. The nightly releases at http://dovecot.org/nightly/ will also track v2.3 tree.

The git master branch starts tracking Dovecot v2.3 development from now on. There are soon going to be several API changes there that might break plugins. If you wish to keep tracking latest v2.2.x development instead, switch to master-2.2 branch. The nightly releases at http://dovecot.org/nightly/ will also track v2.3 tree.

Hello, I'm using a dovecot as proxy, connecting to one or more backends. The backends use X.509 certificates. The proxy's passdb returns extra fields: user=foo proxy host=backend1.<domain> ssl=yes nopassword=y Thus the proxy connects to the backend but can't verify the backends certificate. The following comment suggests using ssl_client_ca_file for

On Tuesday 08 of December 2015, Gerhard Wiesinger wrote: > On 07.12.2015 20:13, Timo Sirainen wrote: > > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz > > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig > > > > This could be (one of) the last v2.2.x release. We're starting v2.3 > > development soon. > > Great! > > What's on

Hello Dovecot users, Here is the Pigeonhole release candidate that goes with the Dovecot v2.3 release candidate. Of course, a large part of this release consists of compatibility changes for Dovecot v2.3. Apart from that, not much changed, just a few additions and fixes that accumulated over the last few months. Most of these changes will be back-ported to Pigeonhole v0.4, but that release will

Hello Dovecot users, Here is the Pigeonhole release candidate that goes with the Dovecot v2.3 release candidate. Of course, a large part of this release consists of compatibility changes for Dovecot v2.3. Apart from that, not much changed, just a few additions and fixes that accumulated over the last few months. Most of these changes will be back-ported to Pigeonhole v0.4, but that release will

http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login:

http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig This could be (one of) the last v2.2.x release. We're starting v2.3 development soon. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: