Displaying 20 results from an estimated 1000 matches similar to: "possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers."
2013 Jul 06
1
[PATCH] login-common: Add support for ECDH/ECDHE cipher suites
# HG changeset patch
# User David Hicks <david at hicks.id.au>
# Date 1373085976 -36000
# Sat Jul 06 14:46:16 2013 +1000
# Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e
# Parent 1fbac590b9d4dc05d81247515477bfe6192c262c
login-common: Add support for ECDH/ECDHE cipher suites
ECDH temporary key parameter selection must be performed during OpenSSL
context initialisation before ECDH and
2006 Sep 28
1
FreeBSD Security Advisory FreeBSD-SA-06:23.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-06:23.openssl Security Advisory
The FreeBSD Project
Topic: Multiple problems in crypto(3)
Category: contrib
Module: openssl
Announced:
2017 Jan 17
3
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> Am 02.12.2014 um 06:44 schrieb Will Yardley:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a
2013 Aug 14
3
force ciphers order for clients
Hi Timo,
reading this
http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/
it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use
with apple mail
( if no ECDHE is possible ,by missing openssl 1.x etc,
seems that apple mail tries ECDHE first if fails its going to use
RSA-AES128-SHA )
force soltution as tried
ssl_cipher_list =
2019 Oct 28
3
changing cipher for imap clients
When my client connects, I see this in my log:
dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128
bits)
Whereas, when client connects to my postfix server, I see:
Anonymous TLS connection established from * TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
how can I tell dovecot to use AES256, instead of AES128 ?
is this set by ssl_cipher_list ? Here are my current
2018 Jan 06
2
TLS problem after upgrading from v2.2 to v2.3
Thanks for your reply; I used the defaults, both before and after the
upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default
changes. The new defaults broke the connection.
Jan
> what are your settings?
>
> Mine are below and they work just fine:
>
> ssl_cipher_list =
>
2016 Nov 21
0
samba tls protocols and ciphers change how?
Hai,
Im upping my servers with security setting.
Now i noticed that even some sites/tools say its ok, but its really not ok.
So Im looking for the ciphers list for samba or how can i display them.
and i want to set the cipher list and order like the example below.
Is this possible with samba?
Anyone who can point me to the right direction?
I did google .. and i getting only
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
2018 Jul 16
1
ssl_dh required, even though DH is disabled.
Here's my config:
# 2.3.2 (582970113): /etc/dovecot/dovecot.conf
# OS: Linux 4.17.5-1-ARCH x86_64 Arch Linux
# Hostname: vault
passdb {
? driver = pam
}
protocols = imap
service imap-login {
? inet_listener imap {
??? port = 0
? }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/myhostname.com/fullchain.pem
ssl_cipher_list =
2018 Jan 08
1
TLS problem after upgrading from v2.2 to v2.3
Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes:
>> Mine are below and they work just fine:
>>
>> ssl_cipher_list =
>>
2017 Mar 20
1
Deploying Diffie-Hellman for TLS
I have been reading up on TLS and Dovecot and came across this URL:
https://www.weakdh.org/sysadmin.html which recommended these settings
for Dovecot. I would like to know if they are correct? Some much
documentation on the web is pure garbage.
Dovecot
These changes should be made in /etc/dovecot.conf
Cipher Suites
2014 Dec 02
0
disabling certain ciphers
Am 02.12.2014 um 17:33 schrieb Darren Pilgrim:
> On 12/2/2014 1:32 AM, Reindl Harald wrote:
>>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>>> ssl_dh_parameters_length = 2048
>>>> ssl_parameters_regenerate = 0
>>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>
>>> But why does ssl_protocols behave
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But:
1. How should be properly configured ssl_cipher_list?
2. Ok, removed !TLSv1 !TLSv1.1.
3. Strange thing with ssl_protocols and ssl_cipher_list, because on older
server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two
lines looks exactly this same and no errors in mail.err file and mailes
works without any problem.
4. No, currently I don't use LMTP.
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2020 Jun 12
1
Read-flag of mails don't update
Am 11.06.20 um 18:08 schrieb @lbutlr:
> On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote:
>> On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote:
>>> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum.
>>
>> Apologies, I did not see the attachments. Will
2020 Jan 23
3
PJSIP and Grandstream Wave with TSL and SRTP
On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote:
> On 1/21/2020 9:18 PM, hw wrote:
> > [transport-tls]
> > type = transport
> > protocol = tls
> > bind = 0.0.0.0:5061
> > tos = cs5
> > cert_file = /etc/asterisk/cert/asterisk.pem
> > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt
> > method = sslv23
>
> This is what mine
2017 Aug 23
3
socketpair failed: Too many open files on Debian 9
Hi @all,
after re-installing one of my two frontends/proxy-servers I get the
following error messages after some time (sometimes after 1h, sometimes
after 24h):
11:23:55 imap-login: Error: socketpair() failed: Too many open files
11:23:55 imap-login: Error: socketpair() failed: Too many open files
11:23:56 imap-login: Error: socketpair() failed: Too many open files
11:23:56 imap-login: Error:
2017 Aug 23
2
socketpair failed: Too many open files on Debian 9
I haven't done this on the old, working machine.
So there must be a difference between Debian 7 and 9 how open files are
handled?
Regards
Patrick
Aki Tuomi schrieb:
> You probably need to increase ulimit -n
>
> Aki
>
>
> On 23.08.2017 14:10, Patrick Westenberg wrote:
>> Hi @all,
>>
>> after re-installing one of my two frontends/proxy-servers I get
2020 Aug 25
2
BUG: _presence_ of valid openssl.cnf Option = 'ServerPreference' causes Dovecot submission relay FAIL: "failed: Failed to initialize SSL: ..."
I've
dovecot --version
2.3.10.1 (a3d0e1171)
openssl version
OpenSSL 1.1.1g FIPS 21 Apr 2020
, atm on Fedora32.
I configure
/etc/pki/tls/openssl.cnf
to set preferences for apps' usage, e.g. Postfix etc; Typically, here
cat /etc/pki/tls/openssl.cnf
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect