similar to: no shared cipher openssl

> On 16/11/2020 09:54 lists at lazygranch.com <lists at lazygranch.com> wrote: > > > On Sun, 15 Nov 2020 17:31:07 -0500 > Mike Schroeder <mikeschroe at gmail.com> wrote: > > > CentOS 7 > > Dovecot 2.2.36 > > > > Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth > > attempts in 0 secs): > > user=<>,

When my client connects, I see this in my log: dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits) Whereas, when client connects to my postfix server, I see: Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current

Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.

Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi

What kind of test are you running? Aki > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote: > > > I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test > still gives errors: > Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =

Hi, All Due to some routing rotation purpose, I use crontab to add below info: 0 * * * * echo Subnet = 54.169.128.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 0 * * * * echo Subnet = 54.169.0.0/17 >> /etc/tinc/myvpn/hosts/aws_sgp 1 * * * * /usr/sbin/tincd -n myvpn -k 1 * * * * /usr/sbin/tincd -n myvpn --debug=3 30 * * * * sed -i '/54.169.128.0\/17/d' /etc/tinc/myvpn/hosts/aws_sgp

Hi, experts for example, the below case: You can see a lot of back and forth MTU probe packets been exchanged between tinc nodes, but it’s weird that, from the debug log, one line shows "No response to MTU probes from node1”, but it indeed received a lot of MTU probe response, and finally it get the conclusion of "Packet for node1 (1.1.1.1 port 443) larger than minimum MTU”.

I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test still gives errors: Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:07

Internal PCI Scan on Tenable.io website. Of course after register account. 2017-04-30 9:11 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > What kind of test are you running? > > Aki > > > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> > wrote: > > > > > > I turned of ssl_cipher_list in dovecot.conf file (so it's

> On 28/10/2019 16:12 Fourhundred Thecat via dovecot <dovecot at dovecot.org> wrote: > > > When my client connects, I see this in my log: > > dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 > bits) > > Whereas, when client connects to my postfix server, I see: > > Anonymous TLS connection established from * TLSv1 with cipher

Tinc team: I'm creating a vpn for my work laptop and vps and got trapped, here are my config files: on laptop: *tinc.conf Name = envy13 Device = /dev/net/tun ConnectTo = main *hosts/main Address = <my vps ext ip address> Port = 655 Subnet = 10.0.0.1/32 *hosts/envy13 Port = 655 Subnet = 10.0.0.2/32 *tinc-up #!/bin/sh ip link set myvpn up ip addr add 10.0.0.2/32 dev myvpn ip route add

Hi, Tinc experts Diagram as below, A is trying to access host X behind C: A >> B >> C — “host X" B is the tinc server for A, but also B is the tinc client to connect to C. My question is, if I only use one VPN (/etc/tinc/myvpn), then the host configuration for B will be tricky. As the tinc server to A, B’s host config (/etc/tinc/myvpn/hosts/B) needs have the Subnet = X/32,

1. Is there any tools/command, we can show the subnet where a certain tinc nodes learnt? So that I can know the weight for certain subnet(in real time), instead of go back to the node’s (who advertise the subnet) configuration file to check. 2. So far in order to change the weight of a subnet, or something else, I have to reset the tinc daemon( tincd -k -n myvpn and then tincd -n myvpn) in

Hi Tinc Groups again, Now i can set syslog. But my problem still the same. When i check Tap0 configure. I know idea what's wrong that i set. I set up tap follow these. ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 192.168.1.1 netmask 255.255.255.0 ifconfig tap0 -arp But i notice in my routing table have 2 myvpn. Like these, myvpn * 255.0.0.0

Hi, Guus Thanks a lot for your suggestion, actually I did something else as below. But one question here is if I don’t add "/sbin/ifconfig myvpn 10.0.0.1 netmask 255.255.255.0”, it seems the crontab wouldn’t trigger tinc-up, and then the ip addr of myvpn wouldn’t be configured, then it will prompt the error of "Can't write to Linux tun/tap device (tun mode) /dev/net/tun:

Hello, Since the present tinc documentation is not very clear about this, please explain the following: is it mandatory to include the local IP address classes in the global VPN address class? Namely, please consider the following setup (which works great in practice): 1. A tinc VPN, full mesh, with n nodes (n > 3) 2. tinc runs on the firewall, which is also the default gateway for each

Hi, Etienne In addition, is there any option or switch can turn of the automatic direct connection? For the example below, even A has the route to C and can establish UDP connection directly, but I need the traffic to go through B, how can I achieve that easily? (instead of remove something from A’s routing table, or manually block the connection between A and C) > On 1 May 2017, at 6:28 PM,

There is no concept of "client" or "server" in tinc. tinc is purely peer-to-peer. "ConnectTo" statements only indicate which node will attempt to establish the initial connection, but once the connection is established, direction does not matter. It is unclear from your message which node is responsible for which subnet. If X/32 truly belongs to C, then simply set

> > For pls files: > > http://www.shoutclub.com/help/linking.php3 > Thanks. It says that I can use the URL by appanding > listen.pls as in > http://194.109.227.136:8000/listen.pls > > In this case it still wanted to drag down some > multibegabyte files. What happened? you read: Well the simplest method is using your SHOUTcast servers built in Web server, this feature