similar to: Wishlist: TLS,SSL cipher in a variable.

Displaying 20 results from an estimated 7000 matches similar to: "Wishlist: TLS,SSL cipher in a variable."

2015 Apr 28
1
Disable weak ciphers in vnc_tls
Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128
2013 Aug 14
1
Patch to log the cipher suite used for TLS
Hello, the attached patch for Dovecot 2.2.4 improves the logging to include information about the cipher suite used for a TLS connection. Here is an example log line: Aug 13 21:49:55 colwyn dovecot: imap-login: Login: user=<tron>, method=CRAM-MD5, rip=2001:8b0:114:1::2, lip=2001:8b0:114:1::2, mpid=10567, TLS=<TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)>,
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a
2010 Sep 20
1
Sendmail TLS verify=fail
Hi, I have a small question with sendmail and tls verification. The tls verify fails on our internal/external sendmail servers. For example: STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42], version=TLSv1/SSLv3, verify=FAIL,
2006 Aug 16
1
Re: 400 Bad Request error from svn
It's nice to see that the OS where CentOS gets its sources from also experiments the same error! I have been very busy lately so I haven't had the time to deal with the problem, probably later this week or early next week. As soon as I find something Ill let you know. Hopefully you'll do the same if you come across the solution first. PS. Forwarding this message to the mailing
2010 Jul 11
4
SSL / TLS Problem
Hi, since I upgraded to the new Thunderbird version 3.1 I can't establish a TLS/SSL connection anymore. But before the update Thunerbird was able to establish an encrypted session ... Maillog shows me the following now: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL
2010 Feb 18
1
using signed certificates for TLS/SSL
Hi, I have, in one customer, a web server running on a Verisign-signed certificate SSL certificate. Everything works fine, IE and Firefox connects on https without asking anything, which usually happens on self-signed certificates. I'm trying to use that certificate on dovecot, but clients (Thunderbird basically) keeps saying the certificate is not valid. yes i'm using,
2015 Jan 16
4
Outlook and TLSv.1
Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =
2017 Apr 27
2
confused with ssl settings and some error - need help
Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi
2017 Feb 01
2
Dovecot auth-worker error after cram-md5 auth
Is there any strange thing in these config lines? 2017-02-01 9:40 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > doveadm log errors can be helpful too > > > On 01.02.2017 10:25, Poliman - Serwis wrote: > > I can check each logs, I have root privileges. > > > > 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >> Can
2017 Apr 30
2
confused with ssl settings and some error - need help
What kind of test are you running? Aki > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote: > > > I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test > still gives errors: > Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
2017 Feb 01
3
Dovecot auth-worker error after cram-md5 auth
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism
2017 Feb 01
2
Dovecot auth-worker error after cram-md5 auth
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root at vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp =
2017 Feb 01
3
Dovecot auth-worker error after cram-md5 auth
I can check each logs, I have root privileges. 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > Can you check your logs? > > Aki > > > On 01.02.2017 10:02, Poliman - Serwis wrote: > > When I used backup copy of the dovecot.conf file I have this same error. > So > > I think that maybe something was written to database? I really would >
2017 Feb 01
2
Dovecot auth-worker error after cram-md5 auth
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is: # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota"
2013 Aug 14
3
force ciphers order for clients
Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail ( if no ECDHE is possible ,by missing openssl 1.x etc, seems that apple mail tries ECDHE first if fails its going to use RSA-AES128-SHA ) force soltution as tried ssl_cipher_list =
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can
2017 Feb 01
3
Dovecot auth-worker error after cram-md5 auth
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql And in auth_mechanisms add line