Am 08.05.2014 22:25, schrieb Robert Schetterer: > Am 08.05.2014 21:29, schrieb Sebastian Goodrick: >>> perhaps this has impact...just an idea >> >> >>> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx >> >>> so my specutlation, on win 8 fips mode enabled ,is default >>> currently, ( please verify this ) , but it should be disabled be >>> causing too much trouble... >> >> On my fresh install of Win8.1: >> >> HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy >> Enabled=0 > > hm.. > >> >> Indicating that FIPS mode is disabled. As far as I understand FIPS it >> disables certain ciphers / protocols. However, my new dovecot/OpenSSL >> version provides more and stronger ciphers, so FIPS shouldn't be an >> issue (well, in theory). > > definiton of "strong" maybe variable > my speculate was, it leaves too less ciphers left > >> >> Regards >> Sebastian >> > > i will test this now with my win8 and new dove installation, but it will > take time doing endless win upgrades in the vm first > > > Best Regards > MfG Robert Schetterer >
meanwhile from http://social.technet.microsoft.com/Forums/office/en-US/5a8df31b-ef3a-4f42-9776-8ca3200574c7/error-when-using-smtp-with-tls-windows-8-outlook-2013?forum=outlook ... System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" as found in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options which as per description does This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. that needs to be disabled for Outlook.com's SMTP TLS to work. or, looking at the registry: FIPSAlgorithmPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled ... any thoughts about that ? Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein