Displaying 20 results from an estimated 1000 matches similar to: "samba tls protocols and ciphers change how?"
2014 Dec 02
0
disabling certain ciphers
On 02.12.2014 at 17:33, Darren Pilgrim wrote:
> On 12/2/2014 1:32 AM, Reindl Harald wrote:
>>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>>> ssl_dh_parameters_length = 2048
>>>> ssl_parameters_regenerate = 0
>>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>
>>> But why does ssl_protocols behave
2015 Apr 28
1
Disable weak ciphers in vnc_tls
Dear libvirt team,
we are currently in a pci-dss certification process and our security
scanner found weak ciphers in the vlc_tls service on our centos6 box:
When I scan using sslscan I can see that sslv3 and rc4 are accepted:
inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128
2017 Apr 26
0
Apache + SSL: default configuration rated "C" by Qualys Labs
On 26/04/17 16:16, James Hogarth wrote:
> On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote:
>>
>>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote:
>>>
>>> The site is rated "C"
>>
>> The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is
2015 Feb 06
0
TLS config check
Quoting SW <dovecot at bsdpanic.com>:
> Hi All
>
> First the essentials:
>
> dovecot --version: 2.2.15
>
> /usr/local/etc/dovecot/conf.d/10-ssl.conf:
>
> ssl = required
>
> ssl_cert =
> </usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt
>
> ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key
>
> ssl_protocols =
2015 Feb 06
2
TLS config check
Hi All
First the essentials:
dovecot --version: 2.2.15
/usr/local/etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert =
</usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt
ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
2019 Apr 11
1
Secure Client-Initiated Renegotiation
Hello.
I've just tested my system that runs dovecot 2.3.4.1 on debian buster
with testssl.sh (https://testssl.sh/) and it says:
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), potential
DoS threat
Is this a configuration or a compilation issue and how to solve it?
--
sergio.
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote:
>
>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote:
>>
>> The site is rated "C"
>
> The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date.
>
>
2013 Aug 14
3
force ciphers order for clients
Hi Timo,
reading this
http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/
it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use
with apple mail
( if no ECDHE is possible ,by missing openssl 1.x etc,
seems that apple mail tries ECDHE first if fails its going to use
RSA-AES128-SHA )
force solution as tried
ssl_cipher_list =
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
On 09.01.2015 at 08:07, ml at ruggedinbox.com wrote:
> Hi all, when hardening dovecot against the POODLE vulnerability,
> we followed the advice to disable SSL2 and SSL3
> but this is giving problems with some email clients (claws-mail).
>
> ssl_protocols = !SSLv2 !SSLv3
>
> results in the following error:
>
> dovecot: pop3-login: Disconnected (no auth attempts in 1
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help!
Trying to set your same parameters, when restarting dovecot, gives the
error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting: ssl_prefer_server_ciphers
doveconf: Error: managesieve-login: dump-capability process returned 89
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting:
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
On 09.01.2015 at 08:58, ml at ruggedinbox.com wrote:
> Hi thanks for your help!
> Trying to set your same parameters, when restarting dovecot, gives the
> error:
>
> doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
> line 136: Unknown setting: ssl_prefer_server_ciphers
> doveconf: Error: managesieve-login: dump-capability process returned 89
>
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2020 Mar 30
0
Panic/Assert dns-lookup.c
Hi!
Can you install dovecot-dbg to get debug symbols, open the core in gdb and run
bt full
Aki
> On 30/03/2020 17:21 tim at linux-daus.de wrote:
>
>
> Hi,
>
> currently we are deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k users at one imap proxy with a connection rate of 200/s).
>
> We activate core
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2013 Aug 14
2
proxy: get rid of redundant log-informations
Hi
login_log_format_elements = user=<%u> method=%m rip=%r %k
is it possible to get rid of the "proxy(test at testserver.rhsoft.net): started proxying to 127.0.0.1:143: " part
because on a proxy-only server i know that and it is explicitly not listed in "login_log_format_elements"
as well as for the "TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA" it would be
2015 Aug 19
2
segfault when using zlib module with glibc 2.22
Hi,
I'm seeing the following segfault when I run `doveadm search
mailbox inbox` with the zlib module enabled with dovecot 2.18 and glibc
2.22 on Arch Linux. It does not happen with glibc 2.21.
I've noticed that when I remove "zlib" from the mail_plugins line at
the beginning of the config file the segfault goes away. I've also
tested hg tip and the problem does not appear
2017 Sep 04
2
lazy_expunge doesn't work since upgrade 2.2.30 to 2.2.32
Hi,
it seems that the lazy_expunge plugin doesn't work for me after the
upgrade...
2.2.32 cries about
plugin { lazy_expunge_only_last_instance=no } is most likely handled as
'yes' - remove the setting completely to disable it. If this is
intentional, add quotes around the value:
lazy_expunge_only_last_instance="no"
I changed it to
2016 Oct 10
1
Hierarchy separator and LAYOUT=FS change
Hello,
I stumbled across a 5-year-old post on the dovecot list about changing the dovecot hierarchy separator to enable shared mailboxes (http://www.dovecot.org/list/dovecot/2011-January/056201.html).
At the moment I'm stuck in a pretty similar situation. Migrated from courier to dovecot 2 years ago and preserved the
2020 Mar 30
2
Panic/Assert dns-lookup.c
Hi,
currently we are deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k users at one imap proxy with a connection rate of 200/s).
We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).
Log/Stack trace:
Mar 30 15:54:06 imap16 dovecot:
2017 Jan 17
3
Correct settings for "ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry