Displaying 20 results from an estimated 10000 matches similar to: "How to secure IceCast (Secure login page and disable SSL/TLS versions."
2018 Jul 30
0
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
> On 30 July 2018 at 21:42 J Doe <general at nativemethods.com> wrote:
>
>
>
> > On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote:
> >
> > Am 29.07.2018 um 21:02 schrieb J Doe:
> >> Hello,
> >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
> >> In: 10-ssl.conf there are
2018 Jul 29
0
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
Am 29.07.2018 um 21:02 schrieb J Doe:
> Hello,
>
> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
>
> In: 10-ssl.conf there are two parameters:
>
> ssl_protocols
> ssl_cipher_list
>
> ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?.
>
> If I want to disable
2018 Jul 30
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote:
>
> Am 29.07.2018 um 21:02 schrieb J Doe:
>> Hello,
>> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
>> In: 10-ssl.conf there are two parameters:
>> ssl_protocols
>> ssl_cipher_list
>> ssl_protocols is commented with ?SSL protocol to
2018 Jul 29
2
Restricting SSL/TLS protocol versions on Dovecot 2.2.22
Hello,
I have a question regarding SSL/TLS settings for Dovecot version 2.2.22.
In: 10-ssl.conf there are two parameters:
ssl_protocols
ssl_cipher_list
ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?.
If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in
2012 Mar 02
1
VSftp, ssl/tls, slight issue with directory listings
Centos 6, stock installation, no additional repos added.
vsftp works fine in regular mode, going to ssl I got issues. I get as
far as 'directory listing' and it dies. It times out and disconnects.
file: /etc/sysconfig/iptables-config
added: IPTABLES_MODULES="ip_conntrack_ftp"
(without this line, ftp normally fails, afraid it may be causing issues
with the ssl)
iptables
-A
2019 Apr 17
0
Problem with mysql backend and SSL ciphers
I'm not Aki but hope you don't mind...
On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote:
> Hi,
>
> MariaDB documentation says it accepts OpenSSL cipher strings in its ssl_cipher parameters like ssl_cipher="TLSv1.2".
> This is also mentioned when creating or changing users in terms of setting this with the REQUIRE CIPHER parameter like CREATE USER
2004 Apr 23
3
SSL Ciphers
I have dovecot running as a pop3s server on port 995
it works great with sendmail
and
I run nessus to check security issues
nessus reports this
The SSLv2 server offers 3 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against
2018 May 09
1
possible to disable dh_key/ssl-parameters.dat generation when only using ECDHE ciphers.
Hi,
I want to disable dh_key/ssl-parameters.dat entirely since i'm only using
ECDHE ciphers.
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: somehost.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
2015 Jan 10
0
dovecot on wheezy, best ssl configuration ?
ml at ruggedinbox.com writes:
> Our smtp server is postfix, can you please suggest a better
> 'ssl_protocols' and 'ssl_cipher_list' configuration ?
> We are running Debian 7 Wheezy
A useful command to know is "openssl ciphers" run on the server that will
tell you the ciphers available given a protocol and cipher list spec.
If it comes out to empty, your client
2016 Jul 28
1
Samba 4.2.x requiring TLS authentication
IMHO, in short, learn to use encrypted connections.
2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>:
> As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html
>
> ===================
> New smb.conf option
> ===================
>
> ldap server require strong auth (G)
>
> The ldap server require strong auth defines whether the
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote:
> Thank you for the answer.
> The "!EXPORT" part is included in "ECDH at STRENGTH:DH at STRENGTH:HIGH", or it
> must be added as well ?
This is not the cipher list I sent. It was:
ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL
Mine does not contain any export cipher, yours does.
You can
2019 Apr 18
1
Problem with mysql backend and SSL ciphers
On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote:
> I'm not Aki but hope you don't mind...
>
> On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote:
>> Hi,
>>
>> MariaDB documentation says it accepts OpenSSL cipher strings in its
>> ssl_cipher parameters like ssl_cipher="TLSv1.2".
>> This is also mentioned when creating or
2015 Feb 07
2
TLS config check
Am 07.02.2015 um 10:10 schrieb SW:
> I've just done a test with K9 mail on Android 4.4.2 and this is what I
> see in the log:
>
> ECDHE-ECDSA-AES128-SHA (128/128 bits)
>
> But when using Thunderbird I see:
>
> ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)
>
> I'm happy that Thunderbird is using a secure cipher but is Android? Is
> ECDHE-ECDSA-AES128-SHA
2015 Oct 27
0
How to use different SASL mechanisms for ssl connections
Hi
I would like to set different SASL mechanisms for users trying to login
(POP3/IMAP/Managesieve) on encrypted channel, than for those on
unencrypted connection.
Specificaly:
For users on unencrypted channel, i need to allow login with CRAM-MD5
(to improve security - I have users who require unencrypted connection
but i cant let tem use PLAIN login, of course). But for users on
2005 Sep 29
1
samba (3.0.20) doesn't use TLS for LDAP referrals
Hello,
Now I'm trying to move the LDAP backend from the master OpenLDAP
server to a slave one. The ACL rules for all directories requires
a "ssf = 112" (Security Strength Factor) just to be sure that all
connections are properly encrypted. Also the slave directory has a
referral directive pointing the master directory.
Samba works perfectly with the slave directory except when
2017 Feb 14
0
openssl 1.1.0d breaks Android7 TLS connects
Hi,
the actual OpenSSL version detection in dovecot is insufficient.
The implementation only checks for SSL_CTRL_SET_ECDH_AUTO.
That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed.
Thats the code part:
#ifdef SSL_CTRL_SET_ECDH_AUTO
/* OpenSSL >= 1.0.2 automatically handles ECDH temporary key
parameter
selection. */
SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
2019 Apr 17
2
Problem with mysql backend and SSL ciphers
2008 Jan 10
2
[Bug 1430] New: Restore support for "none" cipher, i.e., unencrypted connections
https://bugzilla.mindrot.org/show_bug.cgi?id=1430
Summary: Restore support for "none" cipher, i.e., unencrypted
connections
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
2016 Nov 21
0
samba tls protocols and ciphers change how?
Hai,
Im upping my servers with security setting.
Now i noticed that even some sites/tools say its ok, but its really not ok.
So Im looking for the ciphers list for samba or how can i display them.
and i want to set the cipher list and order like the example below.
Is this possible with samba?
Anyone who can point me to the right direction?
I did google .. and i getting only
2018 Nov 14
2
different TLS protocols on different ports
Am 14.11.18 um 20:22 schrieb Aki Tuomi:
> Not possible I'm afraid.
Hello Aki,
is it not possible in 2.2.36 or not possible at all?
I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many postmaster used to configure IMAP+SUBMISSION and STARTTLS)
Switching Clients to