similar to: openssl question

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours

Hi, In my Centos-8 server, it was not necessary using "Options = ServerPreference" parameter. My openssl.conf look like that : openssl_conf = default_modules [ default_modules ] ssl_conf = ssl_module [ ssl_module ] system_default = crypto_policy [ crypto_policy ] *.include /etc/crypto-policies/back-ends/opensslcnf.config* And /etc/crypto-policies/back-ends/opensslcnf.config :

I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test still gives errors: Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:07

Internal PCI Scan on Tenable.io website. Of course after register account. 2017-04-30 9:11 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > What kind of test are you running? > > Aki > > > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> > wrote: > > > > > > I turned of ssl_cipher_list in dovecot.conf file (so it's

> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =

What kind of test are you running? Aki > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote: > > > I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test > still gives errors: > Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

> On April 27, 2017 at 8:12 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Hi, > To default dovecot.conf file I added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 >

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi

> On 16/11/2020 09:54 lists at lazygranch.com <lists at lazygranch.com> wrote: > > > On Sun, 15 Nov 2020 17:31:07 -0500 > Mike Schroeder <mikeschroe at gmail.com> wrote: > > > CentOS 7 > > Dovecot 2.2.36 > > > > Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth > > attempts in 0 secs): > > user=<>,

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =

It?s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I?m not sure what needs to be done to fix it. # 2.2.32 (dfbe293d4): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.3-STABLE i386 auth_debug = yes auth_mechanisms = plain login listen = *,[::] log_path =

> Le 4 sept. 2019 ? 20:11, Henrik Johansson via dovecot <dovecot at dovecot.org> a ?crit : > > Hi, > > Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? > > TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones

On 1/18/2015 12:45 AM, Robert Schetterer wrote: > Am 16.01.2015 um 12:24 schrieb Oliver Welter: >> Hi Folks, >> >> after adding TLSv1.2 to by TLS options a lot of Outlook users complaint >> about connection errors, openssl s_client and Thunderbird works fine. >> >> I found some posts about this but none of them had a real solution on >> this - I

Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.

Greetings, I have had to reinstall my email server on another Linux (centos 7.6) VPS, with a newer version of dovecot, other software and a brand new letsencrypt certificate just for email withpostfix and dovecot (that certificate works fine with postfix). Output of dovecot --version and dovecot -n on the new server is below. Now, messages ARE delivered in the right IMAP mailboxes, but when I try

Hi *, The change in default SSL settings between 2.2 and 2.3 cut off a few clients; Microsoft-hosted Exchange (?) being one of them: Jan 4 11:02:56 kremail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=40.101.4.hisip, lip=myip, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher,

Hello Aki, maybe I misunderstood you, but both adding an "ssl = yes" line to this section of dovecot.conf, and commenting out the whole "four lines starting at "inet_listener imaps" do not have any effect : service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } this is the error I still get after

Hi! You have misconfigured service imap-login, remove the 993 listener config (it's there by default) or add ssl = yes to it. Aki On 11.12.2018 11.58, Marco Fioretti wrote: > hello, and some update > short version: the error is still there, but I have some more data to > share, thanks in advance for further advice > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client,