Displaying 20 results from an estimated 4000 matches similar to: "Dovecot stops responding when I update SSL certificate"
2017 Oct 27
3
Password encription
Aki Tuomi wrote:
> The use of salt, today, is to prevent the attacker from directly seeing
> who has same passwords. Of course it also will make a rainbow table
> attack less useful,
Not just less useful, but almost infeasible. Given the use of random
salts, you would have to generate (number of possible salts) rainbow
tables. This drastically changes the CPU/storage tradeoffs.
>
2018 Jun 25
1
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
Thanks Joseph, Aki, but something missing from upgrade document, where
does the dh param file go? I located ssl-parameters.dat so I will put
it there.
Quoting Joseph Tam <jtam.home at gmail.com>:
> On Fri, 22 Jun 2018, Joseph Tam wrote:
>
>> However, recent advances make this condition obsolete [*] and not
>> really safer, so a much faster way to generate a DH key is
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes:
>> Mine are below and they work just fine:
>>
>> ssl_cipher_list =
>>
2019 Aug 06
7
Upgrading to v2.3.X breaks ssl san?
2015 Sep 21
4
Dovecot proxy ignores trusted root certificate store
On Mon, 21 Sep 2015, Edgar Pettijohn wrote:
> doveconf -n?
doveconf -n|grep ssl should suffice:
ssl = required
ssl_ca = </usr/local/share/certs/ca-root-nss.crt
ssl_cert = </path/to/my/file.pem
ssl_key = </path/to/my/file.pem
ssl_require_crl = no
I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a
temporary workaround, even though this is not what
2015 Mar 19
3
Patch for "doveadm -f table" nit (was Re: Dovecot current number of connections being used.)
> doveadm who -1 2>/dev/null | wc -l
You have to redirect stderr to /dev/null because that's where the
first header line is written to. The default format style (table)
is inconsistent with the other formats (flow,pager,tab) that write
headers and data to stdout.
The following patch will pick this nit. This patch will require
modifications to scripts that rely on doveadm writing
2008 Aug 15
4
[LLVMdev] Which linux distribution required the least effort to install LLVM 2.3?
Hi!
I'm a new LLVM user.
I want to start using the LLVM System v2.3. However, I don't want to spend
all my time hunting, pecking, downgrading, and/or upgrading packages to get
LLVM v2.3 running. I was wondering which Linux distrubutions(FC7, Ubuntu,
NetBSD, etc) have required the least effort out of the box to start running
LLVM v2.3.
tia,
Bernardo Elayda
-------------- next part
2017 Dec 13
1
TLS Error and not working lmtp
Am 2017-12-12 um 09:56 schrieb Aki Tuomi:
>
>
> On 12.12.2017 02:59, Jakob Sch?rz wrote:
>> Hi!
[...]
>
> With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself.
>
> You can generate suitable parameters with openssl gendh 2048 (or 4096).
> Make sure you run it on something that has plenty of entropy available,
> it will take some time.
2017 Oct 27
0
Password encription
> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote:
>
>
> Aki Tuomi wrote:
>
> > The use of salt, today, is to prevent the attacker from directly seeing
> > who has same passwords. Of course it also will make a rainbow table
> > attack less useful,
>
> Not just less useful, but almost infeasible. Given the use of random
2005 Sep 26
1
Precomputing the remaining floating point operations.
I see there are still some floating point operations left in the codec
init(ialization) code. Changing that code to fixed point is not only
difficult (due to the trigonometric functions etc) but may also degrade the
precision.
Here is an idea whereby we can easily precompute (record) all those values
on a powerful processor and then use (replay) them on an embedded processor
/ DSP. The only
2018 Jun 22
2
upgrade 2.2 to 2.3, diffie-hellman, ssl_min_protocol
On Fri, 22 Jun 2018, Aki Tuomi wrote:
>> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert
>> ssl-parameters.dat but how to make a new one?
>
> ... or you can make a fresh one using openssl
> gendh 4096 > dh.pem
This also works
openssl dhparam -out dh.pem 4096
> Note that this will require quite a lot of entropy, so you should
> probably
2017 Oct 20
0
IMAP stops responding.
S?ren Peter Skou <sps at DanskKabelTV.dk> writes:
> I've experienced that IMAP/IMAPS stops responding. To restore service
> there is only one way, restart Dovecot completely. This leads to
> services being interrupted for some people, so it seems to only affect
> some of the users on the server. But POP3/POP3s is still running
> happily. Also, it happens more as we
2016 Apr 13
1
v2.3 development tree forked in git
The git master branch starts tracking Dovecot v2.3 development from now on. There are soon going to be several API changes there that might break plugins. If you wish to keep tracking latest v2.2.x development instead, switch to master-2.2 branch.
The nightly releases at http://dovecot.org/nightly/ will also track v2.3 tree.
2016 Apr 13
1
v2.3 development tree forked in git
The git master branch starts tracking Dovecot v2.3 development from now on. There are soon going to be several API changes there that might break plugins. If you wish to keep tracking latest v2.2.x development instead, switch to master-2.2 branch.
The nightly releases at http://dovecot.org/nightly/ will also track v2.3 tree.
2015 Oct 11
2
dovecot as proxy and verification of the backends certificate
Hello,
I'm using a dovecot as proxy, connecting to one or more backends.
The backends use X.509 certificates.
The proxy's passdb returns
extra fields:
user=foo
proxy
host=backend1.<domain>
ssl=yes
nopassword=y
Thus the proxy connects to the backend but can't verify the backends
certificate.
The following comment suggests using ssl_client_ca_file for
2015 Dec 08
3
v2.2.20 released
On Tuesday 08 of December 2015, Gerhard Wiesinger wrote:
> On 07.12.2015 20:13, Timo Sirainen wrote:
> > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz
> > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
> >
> > This could be (one of) the last v2.2.x release. We're starting v2.3
> > development soon.
>
> Great!
>
> What's on
2017 Dec 18
2
Released Pigeonhole v0.5.0.rc1 for Dovecot v2.3.0.rc1.
Hello Dovecot users,
Here is the Pigeonhole release candidate that goes with the Dovecot
v2.3 release candidate. Of course, a large part of this release consists
of compatibility changes for Dovecot v2.3. Apart from that, not much
changed, just a few additions and fixes that accumulated over the last
few months.
Most of these changes will be back-ported to Pigeonhole v0.4, but that
release will
2017 Dec 18
2
Released Pigeonhole v0.5.0.rc1 for Dovecot v2.3.0.rc1.
Hello Dovecot users,
Here is the Pigeonhole release candidate that goes with the Dovecot
v2.3 release candidate. Of course, a large part of this release consists
of compatibility changes for Dovecot v2.3. Apart from that, not much
changed, just a few additions and fixes that accumulated over the last
few months.
Most of these changes will be back-ported to Pigeonhole v0.4, but that
release will
2015 Dec 07
7
v2.2.20 released
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
This could be (one of) the last v2.2.x release. We're starting v2.3 development soon.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login:
2015 Dec 07
7
v2.2.20 released
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
This could be (one of) the last v2.2.x release. We're starting v2.3 development soon.
+ Added mailbox { autoexpunge=<time> } setting. See
http://wiki2.dovecot.org/MailboxSettings for details.
+ ssl_options: Added support for no_ticket
+ imap/pop3/managesieve-login: