similar to: different TLS protocols on different ports

Am 14.11.18 um 20:22 schrieb Aki Tuomi: > Not possible I'm afraid. Hello Aki, is it not possible in 2.2.36 or not possible at all? I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers. IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many postmaster used to configure IMAP+SUBMISSION and STARTTLS) Switching Clients to

On Wed, 14 Nov 2018, Aki Tuomi wrote: >> I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So >> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >> enable TLS1.2 and TLS1.3 only. >> >> Is this possible with dovecot-2.2.36 / how to setup this? > > Not possible I'm afraid. ("Not possible" = challenge!)

Sure did! I am even playing with different options (including NONE) and it seems to ignore the contents of ssl.conf I have tried Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA: Environment=G_TLS_GNUTLS_PRIORITY=NORMAL:+TLS1.2:!TLS1.1:!TLS1.0:!ECDHE-RSA-AES256-SHA Environment=G_TLS_GNUTLS_PRIORITY=PFS

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 14 November 2018 at 21:19 "A. Schulze" < <a href="mailto:sca@andreasschulze.de">sca@andreasschulze.de</a>> wrote: </div>

Thanks, Randal for the response. But it did not work. Here the results: #yum info cockpit Name : cockpit Arch : x86_64 Version : 195.1 Release : 1.el7.centos.0.1 Size : 51 k Repo : installed >From repo : extras Summary : Web Console for Linux servers URL : https://cockpit-project.org/ License : LGPLv2+ [root at cockpit ~]# cat

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

On 27 August 2017 08:32:06 CEST, Timo Sirainen <tss at iki.fi> wrote: >> DEF(SET_STR, ssl_protocols), >> DEF(SET_STR, ssl_cert_username_field), >> DEF(SET_STR, ssl_crypto_device), >> + DEF(SET_STR, ssl_lowest_version), > >Does it really require a new setting? Couldn't it use the existing >ssl_protocols setting? You need to set a minimal version.

On 11/14/2018 01:46 PM, Joseph Tam wrote: > On Wed, 14 Nov 2018, Aki Tuomi wrote: > >>> I'm providing IMAP+Starttls on port 143 for users with legacy MUA.? So >>> I've to enable TLS1.0 up to TLS1.3 For IMAPS / port 993 I like to >>> enable TLS1.2 and TLS1.3 only. >>> >>> Is this possible with dovecot-2.2.36 / how to setup this? >>

On 01.10.2019 14:06, Rowland penny via samba wrote: > On 01/10/2019 12:51, Arkadiusz Karpi?ski wrote: >> >> On 30.09.2019 20:03, Rowland penny via samba wrote: >>> On 30/09/2019 18:06, akarpinski wrote: >>>> Samba version is 4.10.7 >>>> >>>> smb.conf: >>>> >>>> # Global parameters >>>> [global]

Hi, I'm using cockpit in standard port 9090 in a Centos 7 system. Due to a suggestion from management, they want TLS 1.1 disabled system-wide in all Linux boxes and TLS 1.2 enabled. I have not found proper documentation on how to disable it for cockpit (version 195.1 ships with Centos 7) So far I have tried (https://cockpit-project.org/guide/149/https.html):

Yep, maybe using ssl offloading devices like (BigIP) that receives tls1.2 and tlsv1.2 and then re-encrypts traffic with tls1.0 might be "cheapest" solution. -- Eero 2015-04-17 14:15 GMT+03:00 Johnny Hughes <johnny at centos.org>: > On 04/16/2015 05:00 PM, Eero Volotinen wrote: > > in fact: modgnutls provides easy way to get tlsv1.2 to rhel 5 > > > > -- >

> On November 14, 2018 at 12:46 PM "A. Schulze" <sca at andreasschulze.de> wrote: < > I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers. > IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many postmaster used to configure IMAP+SUBMISSION and STARTTLS) "IMAPS" has been used forever. Every

Hello all: For several years I have been running the following in a Linux server. Dovecot Version: 2.0.9 *IMAP:* Connection Security: SSL/TLS Port: 993 Authentication Method: Normal Password *SMTP:* Connection Security: STARTTLS Port: 587 Authentication Method: Normal Password The E-mail client is Thunderbird on Windows. I am preparing a new server, with Dovecot 2.2.36 and would like to know

You looking for something like this i think? Enable TLS1.2 ( and if supported TLS1.3) and allowes AES128 and EAS256. tls priority = SECURE256:+SECURE128:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0:-VERS-DTLS1.1 Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert Marcano via samba > Verzonden: dinsdag

Hello, Before I get in to my question is ssl on 993 or starttls on 143 better from a security perspective? I've noticed that I've got a dovecot listener on port 993, below is my doveconf -n output I don't have an imaps listener uncommented should I do so and set it's port to 0? Will that disable the 993 listener? Thanks. Dave. # 2.3.10 (0da0eff44):

Hello list, I use currently a non-dovecot pop3 proxy which has the ability to scan all passing mails for viruses. And I like dovecot. I have to combine both. One (and the only) idea is to call a virusscanner a shellscript, installed as PostLoginScript. But I see multiple disadvantages: 1. it's a shellscript which tents to be slow. 2. it's called *on* the mailbox-host, not on a dedicated

On 10/18/18 4:14 PM, Johnny Hughes wrote: > On 10/18/2018 12:36 PM, Walter H. wrote: >> On 18.10.2018 00:08, Johnny Hughes wrote: >>> The bottom line .. we don't make the decision whether or not to use >>> systemd or not.? We rebuild RHEL source code. >> will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2? >> I'm sure there will

On Fri, 25 Mar 2016 16:50, Eero Volotinen wrote: > > Stop paranoia? Tlsv1.0 is not recommended when storing credit card data. > > Eero > Hi List, > > Does anyone know why the above URL is still using TLS V1.0. > > I can't connect to it unless I enable TLS V1.0 which I was under the > impression that it should not be used > anymore. > > Thanks for any

Steffen Kaiser: > Is the detail delived to Dovecot by the MTA at all? sure! have to say: I faked that example. In reality I tested the inverse way: My lab setup actually *do* deliver to folders and I saw, setting lmtp_save_to_detail_mailbox to 'no' still deliver to folder while INBOX was expected. so, correct hint: I should really try on an other system ... But from my debug logs it

Thomas Leuxner: > namespace { > location = virtual:~/mdbox/virtual > prefix = Virtual/ > separator = / > } > > $ cat virtual/Flagged/dovecot-virtual > * > Public/* > flagged once setup correctly it works like expected :-) > Another example, the one I used in the original reply, is 'gluing' > together archives as a single view: > > $