similar to: upcoming libshout beta/snapshot

On 2015-04-26 18:15, Philipp Schafft wrote: > I tested with both Mozilla's 'Modern' and 'Intermediate' list. Both > work well with all versions of Icecast (official) as well as current -kh. > In that case my suggestion is for libshout to only focus on using the Modern list then as it explicitly excludes DES and RC4 and MD5. While HMAC-MD5 (for some password uses)

On 04/20/2015 05:47 AM, Ralph Giles wrote: > On 19/04/15 08:15 PM, "Thomas B. R?cker" wrote: > >> If anyone happens to know about proven secure settings, just like the >> Mozilla labs settings for server side, please let us know. > You mean like https://wiki.mozilla.org/Security/Server_Side_TLS ? Yes, that's what we used for the Icecast server default cipher

reflum, On Mon, 2015-04-27 at 14:41 +0200, Roger H?gensen wrote: > On 2015-04-26 18:15, Philipp Schafft wrote: > > I tested with both Mozilla's 'Modern' and 'Intermediate' list. Both > > work well with all versions of Icecast (official) as well as current -kh. > In that case my suggestion is for libshout to only focus on using the > Modern list then as

reflum, On Sun, 2015-04-19 at 20:15 +0000, "Thomas B. R?cker" wrote: > Hi, > > as some of you might know Philipp has been working hard on adding TLS > support to libshout, and a few other things. > > Originally we were planning to publish a beta or snapshot today, but we > didn't manage to agree on a openssl client side cipher list yet. > If anyone happens

Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:

Hi everyone, Prompted by the fact that addressing some of the recent SSL problems actually would benefit from also changing things on how openSSL is used (not just updating the library), I started looking into some improvements. The tracking ticket is: https://trac.xiph.org/ticket/2070 To sum it up: - hard disable SSLv3 - hard disable compression - new default cipher list - enable forward

On 06/24/2013 06:27 PM, Thomas R?cker wrote: > Just going to drop my 0,02? here too. > > On 24 June 2013 16:47, Daniel James <daniel.james at sourcefabric.org> wrote: >> Hi Greg, >> >>> The open source AAC/HE-AAC encoders offer pretty poor audio quality. >>> Sometimes you really do get what you pay for, and this is a perfect example. >> An

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

Hi Greg, > The open source AAC/HE-AAC encoders offer pretty poor audio quality. > Sometimes you really do get what you pay for, and this is a perfect example. An alternative explanation might be that open source developers were not particularly motivated to work on improving AAC encoders, because of difficulties experienced when trying to distribute patent-encumbered code. Cheers! Daniel

On 17.4.2019 23.00, Kostya Vasilyev via dovecot wrote: > I'm not Aki but hope you don't mind... > > On Wed, Apr 17, 2019, at 10:42 PM, TG Servers via dovecot wrote: >> Hi, >> >> MariaDB documentation says it accepts OpenSSL cipher strings in its >> ssl_cipher parameters like ssl_cipher="TLSv1.2". >> This is also mentioned when creating or

Totally understood -- we face similar issues on our forums. Thanks very much, RJ Ryan On Tue, Nov 18, 2014 at 12:15 PM, "Thomas B. R?cker" <thomas at ruecker.fi> wrote: > On 11/18/2014 05:02 PM, RJ Ryan wrote: > > Hm, I attempted to file a ticket but was rejected: > > > > Submission rejected as potential spam > > > > * BotScout says this is

Thomas, it is a bit ridiculous, to be honest. If whole open source community have been thinking like this none of the linux distros would have ever had any multimedia player that is usable by regular user because all of the would have been supporting only Vorbis and Theora. For me, one of the best things in open source is its interoperability, not that it is a ghetto. And you won't reverse

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Hm, I attempted to file a ticket but was rejected: Submission rejected as potential spam - BotScout says this is spam (Y|MULTI|IP|0|MAIL|0|NAME|2) - StopForumSpam says this is spam (username [40]) Maybe because I just registered? On Mon, Nov 17, 2014 at 12:59 PM, Ralph Giles <giles at thaumas.net> wrote: > On 2014-11-17 7:55 AM, RJ Ryan wrote: > > > They are requesting

On 26 April 2017 at 13:16, Steven Tardy <sjt5atra at gmail.com> wrote: > >> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs <info at microlinux.fr> wrote: >> >> The site is rated "C" > > The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date. > >

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

>> I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. > > There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. Let us ignore TLSv1.2 as a downgrade option. And focus on TLSv1.3 for its entirety of this thread. If the ciphersuite (not cipher for that's a TLSv1.2 term), but a

I have the following two settings in my "10-ssl.conf" file # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend? Thanks! -- Jerry

On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > On 12/1/2014 4:43 PM, Will Yardley wrote: > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > > (in a way that's sane)? > > > Is there a way to exclude these ciphers, while still keeping my config > > easy to parse and avoiding duplicative or deprecated configs? > >