similar to: How to secure IceCast (Secure login page and disable SSL/TLS versions.

> On 30 July 2018 at 21:42 J Doe <general at nativemethods.com> wrote: > > > > > On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > > > Am 29.07.2018 um 21:02 schrieb J Doe: > >> Hello, > >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. > >> In: 10-ssl.conf there are

Am 29.07.2018 um 21:02 schrieb J Doe: > Hello, > > I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. > > In: 10-ssl.conf there are two parameters: > > ssl_protocols > ssl_cipher_list > > ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?. > > If I want to disable

> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > Am 29.07.2018 um 21:02 schrieb J Doe: >> Hello, >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to

Hello, I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. In: 10-ssl.conf there are two parameters: ssl_protocols ssl_cipher_list ssl_protocols is commented with ?SSL protocol to use? and ssl_cipher_list is commented with ?SSL ciphers to use?. If I want to disable SSLv3, for example, do I need to use both parameters or will disabling SSLv3 ciphers in

Centos 6, stock installation, no additional repos added. vsftp works fine in regular mode, going to ssl I got issues. I get as far as 'directory listing' and it dies. It times out and disconnects. file: /etc/sysconfig/iptables-config added: IPTABLES_MODULES="ip_conntrack_ftp" (without this line, ftp normally fails, afraid it may be causing issues with the ssl) iptables -A

I'm not Aki but hope you don't mind... On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: > Hi, > > MariaDB documentation says it accepts OpenSSL cipher strings in its ssl_cipher parameters like ssl_cipher="TLSv1.2". > This is also mentioned when creating or changing users in terms of setting this with the REQUIRE CIPHER parameter like CREATE USER

I have dovecot running as a pop3s server on port 995 it works great with sendmail and I run nessus to check security issues nessus reports this The SSLv2 server offers 3 strong ciphers, but also 0 medium strength and 2 weak "export class" ciphers. The weak/medium ciphers may be chosen by an export-grade or badly configured client software. They only offer a limited protection against

Hi, I want to disable dh_key/ssl-parameters.dat entirely since i'm only using ECDHE ciphers. > # 2.2.34 (874deae): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.22 (22940fb7) # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 # Hostname: somehost.com auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_cache_ttl = 1 days auth_username_chars =

ml at ruggedinbox.com writes: > Our smtp server is postfix, can you please suggest a better > 'ssl_protocols' and 'ssl_cipher_list' configuration ? > We are running Debian 7 Wheezy A useful command to know is "openssl ciphers" run on the server that will tell you the ciphers available given a protocol and cipher list spec. If it comes out to empty, your client

IMHO, in short, learn to use encrypted connections. 2016-07-27 22:38 GMT+02:00 Kris Lou <klou at themusiclink.net>: > As of 4.2.11: https://www.samba.org/samba/security/CVE-2016-2112.html > > =================== > New smb.conf option > =================== > > ldap server require strong auth (G) > > The ldap server require strong auth defines whether the

On Wed, Mar 04, 2015 at 06:36:07PM +0200, Adrian Minta wrote: > Thank you for the answer. > The "!EXPORT" part is included in "ECDH at STRENGTH:DH at STRENGTH:HIGH", or it > must be added as well ? This is not the cipher list I sent. It was: ECDH at STRENGTH:DH at STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNUL Mine does not contain any export cipher, yours does. You can

On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2". >> This is also mentioned when creating or

Am 07.02.2015 um 10:10 schrieb SW: > I've just done a test with K9 mail on Android 4.4.2 and this is what I > see in the log: > > ECDHE-ECDSA-AES128-SHA (128/128 bits) > > But when using Thunderbird I see: > > ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) > > I'm happy that Thunderbird is using a secure cipher but is Android? Is > ECDHE-ECDSA-AES128-SHA

Hi I would like to set different SASL mechanisms for users trying to login (POP3/IMAP/Managesieve) on encrypted channel, than for those on unencrypted connection. Specificaly: For users on unencrypted channel, i need to allow login with CRAM-MD5 (to improve security - I have users who require unencrypted connection but i cant let tem use PLAIN login, of course). But for users on

Hello, Now I'm trying to move the LDAP backend from the master OpenLDAP server to a slave one. The ACL rules for all directories requires a "ssf = 112" (Security Strength Factor) just to be sure that all connections are properly encrypted. Also the slave directory has a referral directive pointing the master directory. Samba works perfectly with the slave directory except when

Hi, the actual OpenSSL version detection in dovecot is insufficient. The implementation only checks for SSL_CTRL_SET_ECDH_AUTO. That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed. Thats the code part: #ifdef SSL_CTRL_SET_ECDH_AUTO /* OpenSSL >= 1.0.2 automatically handles ECDH temporary key parameter selection. */ SSL_CTX_set_ecdh_auto(ssl_ctx, 1);

https://bugzilla.mindrot.org/show_bug.cgi?id=1430 Summary: Restore support for "none" cipher, i.e., unencrypted connections Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2

Hai,   Im upping my servers with security setting. Now i noticed that even some sites/tools say its ok, but its really not ok.   So Im looking for the ciphers list for samba or how can i display them. and i want to set the cipher list and order like the example below. Is this possible with samba?   Anyone who can point me to the right direction?   I did google .. and i getting only

Am 14.11.18 um 20:22 schrieb Aki Tuomi: > Not possible I'm afraid. Hello Aki, is it not possible in 2.2.36 or not possible at all? I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers. IMAPS/SUBMISSIONS aren't used widely (at least to my knowlege, many postmaster used to configure IMAP+SUBMISSION and STARTTLS) Switching Clients to