similar to: dovecot TSL 1.3 config option 'ssl_ciphersuites' causes fatal error on launch. not supported, bad config, or bug?

> On 24/09/2020 05:24 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > I've installed > > grep PRETTY /etc/os-release > PRETTY_NAME="Fedora 32 (Server Edition)" > dovecot --version > 2.3.10.1 (a3d0e1171) > openssl version > OpenSSL 1.1.1g FIPS 21 Apr 2020 > > iiuc, Dovecot has apparently had support for setting TLS 1.3

>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. > > There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread. If the ciphersuite (not cipher for that's a TLSv1.2 term), but a

> On Thu, 6 Apr 2006, Miller, Damien wrote: > > > > > Does OpenSSH 4.3 support the use of the TLS ciphersuites that are > > supported in OpenSSL? > > If so, is this a compile time option or a run-time option? > Or can sshd > > support both the SSL and TLS ciphersuites at the same time? > > OpenSSH doesn't use SSL or TLS - the SSH protocol

Hello there. The FreeBSD-SA-04:05.openssl Security Advisory announced a "null-pointer assignment during SSL handshake" DoS vulnerability. However, the OpenSSH Security Advisory of 17 March 2004 announced the same vulnerability with one more vulnerability. Look at http://www.openssl.org/news/secadv_20040317.txt Isn't FreeBSD vulnerable to the second "Out-of-bounds read affects

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

Does OpenSSH 4.3 support the use of the TLS ciphersuites that are supported in OpenSSL? If so, is this a compile time option or a run-time option? Or can sshd support both the SSL and TLS ciphersuites at the same time? Jim Humphreys

Hi all, I have recently migrated my mail from courier-imap to dovecot. In doing so, I finally configured mutt to connect to imaps (SSL). In the end I got it all working. I then sat back and thought: "I kinda don't understand the SSL/TLS part even though it works". And I hate setting stuff up and not truely understanding the mechanics of it. So I started to write about it and am

Hi, In my Centos-8 server, it was not necessary using "Options = ServerPreference" parameter. My openssl.conf look like that : openssl_conf = default_modules [ default_modules ] ssl_conf = ssl_module [ ssl_module ] system_default = crypto_policy [ crypto_policy ] *.include /etc/crypto-policies/back-ends/opensslcnf.config* And /etc/crypto-policies/back-ends/opensslcnf.config :

hi, On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote: > I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to?Dovecot v2.3.8 on Centos-8 My report is specifically/solely about the addition/use of the Options = ServerPreference parameter. I don't see that in your configuration. Are you using it? In a config using Dovecot's submission proxy?

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

bump On 8/24/20 5:17 PM, PGNet Dev wrote: > I've > > dovecot --version > 2.3.10.1 (a3d0e1171) > openssl version > OpenSSL 1.1.1g FIPS 21 Apr 2020 > > , atm on Fedora32. > > I configure > > /etc/pki/tls/openssl.cnf > > to set preferences for apps' usage, e.g. Postfix etc; Typically, here > > cat /etc/pki/tls/openssl.cnf >

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

> On 22/09/2020 20:05 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > bump > > On 8/24/20 5:17 PM, PGNet Dev wrote: > > I've > > > > dovecot --version > > 2.3.10.1 (a3d0e1171) > > openssl version > > OpenSSL 1.1.1g FIPS 21 Apr 2020 > > > > , atm on Fedora32. > > > > I configure > > >

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:06.openssl Security Advisory The FreeBSD Project Topic: OpenSSL timing-based SSL/TLS attack Category: crypto Module: openssl Announced:

Does OpenSSH 4.3 support the use of the TLS ciphersuites that are supported in OpenSSL 0.9.8? If so, is this a compile time option or a run-time option? Or can ssh and sshd support both the SSL and TLS ciphersuites at the same time? Jim Humphreys

# HG changeset patch # User David Hicks <david at hicks.id.au> # Date 1373085976 -36000 # Sat Jul 06 14:46:16 2013 +1000 # Node ID ccd83f38e4b484ae18f69ea08631eefcaf6a4a4e # Parent 1fbac590b9d4dc05d81247515477bfe6192c262c login-common: Add support for ECDH/ECDHE cipher suites ECDH temporary key parameter selection must be performed during OpenSSL context initialisation before ECDH and

Sorry to bump up an old thread. 2.3.11.3 already contains this patch and the error still gets generated.? Anything else we could try ? Scott On Wednesday, 19/08/2020 at 11:37 Josef 'Jeff' Sipek wrote: On Wed, Aug 19, 2020 at 17:03:57 +0200, Alessio Cecchi wrote: > Hi, > > after the upgrade to Dovecot 2.3.11.3, from 2.3.10.1, I see frequently > these errors from

On 19/08/2020 17:37, Josef 'Jeff' Sipek wrote: > On Wed, Aug 19, 2020 at 17:03:57 +0200, Alessio Cecchi wrote: >> Hi, >> >> after the upgrade to Dovecot 2.3.11.3, from 2.3.10.1, I see frequently >> these errors from different users: > It looks like this has been around for a while and you just got unlucky and > started seeing this now. Here's a quick