similar to: ssl_dh required, even though DH is disabled.

Hi! This change has now been committed, please find it at https://github.com/dovecot/core/compare/cd08262%5E...dd6323.patch Aki On 16.07.2018 09:53, Aki Tuomi wrote: > This is a known issue, but thanks for reporting it. > > > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: Eric Toombs <ewtoombs at uwaterloo.ca> > Date:

I?m setting up Dovecot using Homebrew on a new server and am getting this when I try to login via IMAP: Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719) Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, secured, session=<gM0HNIN6HtoAAAAAAAAAAAAAAAAAAAAB> Nov 13 14:18:33 auth: Debug: Loading modules from directory:

Actually you need to use ssl_dh=</usr/local/etc/dovecot/dh.pemNote the <Aki -------- Original message --------From: "Michael A. Peters" <mpeters at domblogger.net> Date: 13/11/2018 05:44 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters" tryopenssl dhparam

there is one more thing that you should probably see: this is the error message that cygrunsrv.exe gave me: Eric at ballistic ~ $ cygrunsrv --start sshd cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: The service has not been started. this is the error message that "net" gave to me: Eric at ballistic ~ $ net start sshd The CYGWIN sshd service is starting.

I'm using SSL for dovecot, and dovecot kindly warned me on startup that I needed the ssl_dh parameter, which I specified: # grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf ssl_dh = </etc/dovecot/dh.pem And I generated the file, as specified in the comment: # openssl dhparam -out /etc/dovecot/dh.pem 4096 The file contains the appropriate headers: # grep -P '^\-'

try openssl dhparam -out /usr/local/etc/dovecot/dh.pem 2048 On 11/12/2018 07:28 PM, James Brown wrote: > I?m setting up Dovecot using Homebrew on a new server and am getting > this when I try to login via IMAP: > > Nov 13 14:13:35 auth: Debug: auth client connected (pid=30719) > Nov 13 14:13:35 imap-login: Info: Aborted login (no auth attempts in 0 > secs): user=<>,

Thanks for your reply; I used the defaults, both before and after the upgrade, cf. https://wiki2.dovecot.org/Upgrading/2.3 -> Setting default changes. The new defaults broke the connection. Jan > what are your settings? > > Mine are below and they work just fine: > > ssl_cipher_list = >

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =

Jan Vejvalka <jan.vejvalka at lfmotol.cuni.cz> writes: >> Mine are below and they work just fine: >> >> ssl_cipher_list = >>

I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites

Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.

On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can

Am 11.06.20 um 18:08 schrieb @lbutlr: > On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote: >> On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: >>> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. >> >> Apologies, I did not see the attachments. Will

On Thursday, January 23, 2020 11:31:46 PM CET Sean Bright wrote: > On 1/21/2020 9:18 PM, hw wrote: > > [transport-tls] > > type = transport > > protocol = tls > > bind = 0.0.0.0:5061 > > tos = cs5 > > cert_file = /etc/asterisk/cert/asterisk.pem > > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > > method = sslv23 > > This is what mine

Hi, I want to disable dh_key/ssl-parameters.dat entirely since i'm only using ECDHE ciphers. > # 2.2.34 (874deae): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.22 (22940fb7) # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 # Hostname: somehost.com auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_cache_ttl = 1 days auth_username_chars =

Hi @all, after re-installing one of my two frontends/proxy-servers I get the following error messages after some time (sometimes after 1h, sometimes after 24h): 11:23:55 imap-login: Error: socketpair() failed: Too many open files 11:23:55 imap-login: Error: socketpair() failed: Too many open files 11:23:56 imap-login: Error: socketpair() failed: Too many open files 11:23:56 imap-login: Error:

I haven't done this on the old, working machine. So there must be a difference between Debian 7 and 9 how open files are handled? Regards Patrick Aki Tuomi schrieb: > You probably need to increase ulimit -n > > Aki > > > On 23.08.2017 14:10, Patrick Westenberg wrote: >> Hi @all, >> >> after re-installing one of my two frontends/proxy-servers I get

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

Hello! I edit .pem file and now is the same as you specifie, but not work. Error.log display: [2020-06-24 12:54:54] INFO main/main.c Icecast 2.4.4 server started [2020-06-24 12:54:54] DBUG yp/yp.c Updating YP configuration [2020-06-24 12:54:54] INFO yp/yp.c YP update thread started [2020-06-24 12:54:55] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-24 12:54:55]

Hi all; I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the upgrade I've got some instability: a few time per day per server, seemly at random, the auth process stop responding and the clients cannot authenticate any more: Sep 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not responding, delayed sending initial response (greeting):