On Thu, Jun 26, 2014 at 05:13:20PM +0200, Robert Schetterer wrote:
> Am 26.06.2014 11:53, schrieb Adi Kriegisch:
> > On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
> >> Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
> >>> I just installed the (rapid-ssl) certificate and it wor
Am 26.06.2014 11:53, schrieb Adi Kriegisch:
> On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
>> Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
>>> I just installed the (rapid-ssl) certificate and it works now.
>>> Needless to say that I don't understand it. The old certificate
Hey!
> >0x800CCC0E IXP_E_FAILED_TO_CONNECT Cannot connect to server
> >Pretty helpful error message after all... ;-)
>
> Well, _did_ you've verified that the connection is started at all?
Yup. As written in my first mail, the client tears down the connection
after the ssl key exchange with a FIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 26 Jun 2014, Adi Kriegisch wrote:
I am struggling with the same issue for some time now: win8/outlook isn't
able to connect to dovecot 2.2.9 (from Debian/backports); the error on the
outlook side of things is 0x800CCC0E which is really help
Hi!
> > I am struggling with the same issue for some time now: win8/outlook isn't
> > able to connect to dovecot 2.2.9 (from Debian/backports); the error on the
> > outlook side of things is 0x800CCC0E which is really helpful.
>
> A listing of all of Window's error codes:
>
> http://support.micr
On Thu, 26 Jun 2014 11:53:49 +0200, Adi Kriegisch stated:
> I am struggling with the same issue for some time now: win8/outlook isn't
> able to connect to dovecot 2.2.9 (from Debian/backports); the error on the
> outlook side of things is 0x800CCC0E which is really helpful.
A listing of all of Wi
On Thu, 26 Jun 2014 11:53:49 +0200, Adi Kriegisch stated:
> On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
> > Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
> > > I just installed the (rapid-ssl) certificate and it works now.
> > > Needless to say that I don't understand it.
On Wed, May 21, 2014 at 09:14:26PM +0200, Robert Schetterer wrote:
> Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
> > I just installed the (rapid-ssl) certificate and it works now.
> > Needless to say that I don't understand it. The old certificate worked
> > with all other clients but win8/out
Am 21.05.2014 19:47, schrieb Sebastian Goodrick:
>
>> every "official" up2date ssl crt should work, also dont forget to
>> include intermediate crt/pem in your ssl dove chain
>
> I just installed the (rapid-ssl) certificate and it works now.
> Needless to say that I don't understand it. The old c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> every "official" up2date ssl crt should work, also dont forget to
> include intermediate crt/pem in your ssl dove chain
I just installed the (rapid-ssl) certificate and it works now.
Needless to say that I don't understand it. The old certificate
Am 18.05.2014 20:04, schrieb Sebastian Goodrick:
>> Hi Sebastian, sorry for the delay ,i could not reproduce your
>> problem, speculate you have wrong settings in your server/client
>> setup and/or you have firewall loadbalancers, proxies between
>> server and client which fail with some ciphers
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Hi Sebastian, sorry for the delay ,i could not reproduce your
> problem, speculate you have wrong settings in your server/client
> setup and/or you have firewall loadbalancers, proxies between
> server and client which fail with some ciphers
Thank y
Am 09.05.2014 10:33, schrieb Robert Schetterer:
> Am 09.05.2014 08:29, schrieb Sebastian Goodrick:
my speculate was, it leaves too less ciphers left
>> OK, but does the old dovecot/openssl version provide less ciphers than
>> the new install?
>
> sorry i am short in time
>
>
> dovecot hast
Am 09.05.2014 21:57, schrieb Sebastian Goodrick:
> On 09.05.2014 14:40, Reindl Harald wrote:
>>> For any reason I don't understand, there are ciphers listed twice
>>> in the old OpenSSL version but also once in the new version:
>>> EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5
>> EXP-RC4-MD5 != RC4-MD5
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09.05.2014 14:40, Reindl Harald wrote:
>> For any reason I don't understand, there are ciphers listed twice
>> in the old OpenSSL version but also once in the new version:
>> EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5
> EXP-RC4-MD5 != RC4-MD5
Obviously.
Am 09.05.2014 14:28, schrieb Sebastian Goodrick:
> For any reason I don't understand, there are ciphers listed twice in
> the old OpenSSL version but also once in the new version:
> EXP-RC2-CBC-MD5, EXP-RC4-MD5, RC4-MD5
EXP-RC4-MD5 != RC4-MD5
however, with a recent dovecot setup and openssl >= 1.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I will go through the links later today, thanks.
> openssl ciphers
The new OpenSSL supports many additional ciphers. Three ciphers are
not supported anymore: DES-CBC-MD5, DES-CBC3-MD5, RC2-CBC-MD5
For any reason I don't understand, there are ciphers l
Am 09.05.2014 08:29, schrieb Sebastian Goodrick:
>>> my speculate was, it leaves too less ciphers left
> OK, but does the old dovecot/openssl version provide less ciphers than
> the new install?
sorry i am short in time
dovecot hast setup options for ciphers related to your openssl version
ple
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>> my speculate was, it leaves too less ciphers left
OK, but does the old dovecot/openssl version provide less ciphers than
the new install? I'm not too familiar with what ciphers ship with
OpenSSL in what version. My naive assumption is, a new version
Am 08.05.2014 22:25, schrieb Robert Schetterer:
> Am 08.05.2014 21:29, schrieb Sebastian Goodrick:
>>> perhaps this has impact...just an idea
>>
>>
>>> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx
>>
>>> so my specutlation, on win 8 fips
Am 08.05.2014 21:29, schrieb Sebastian Goodrick:
>> perhaps this has impact...just an idea
>
>
>> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx
>
>> so my specutlation, on win 8 fips mode enabled ,is default
>> currently, ( please verif
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> perhaps this has impact...just an idea
>
>
> http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recommending-fips-mode-anymore.aspx
>
> so my specutlation, on win 8 fips mode enabled ,is default
> currently, ( please verify this
Am 08.05.2014 19:50, schrieb Sebastian Goodrick:
>>> I've tried disabling TLS1.2 in dovecot, however I've had no
>>> success. Is there a way to disable TLS1.2?
>
>> isolate the real nature of the problem should be the way to go
>
> Yes, you're right. Disabling TLS1.2 is a workaround, not a soluti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
>> I've tried disabling TLS1.2 in dovecot, however I've had no
>> success. Is there a way to disable TLS1.2?
>
> isolate the real nature of the problem should be the way to go
Yes, you're right. Disabling TLS1.2 is a workaround, not a solution.
Postf
Am 08.05.2014 18:59, schrieb Sebastian Goodrick:
> Disabling TLS1.2 in Win8 provides a workaround for the issue. This is
> done with this registry entry.
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
> 1.2\Client]
> "DisabledByDefault"=dword:000
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Disabling TLS1.2 in Win8 provides a workaround for the issue. This is
done with this registry entry.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS
1.2\Client]
"DisabledByDefault"=dword:0001
"Enabled"=
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Robert
The logs I supplied were derived from "verbose_ssl = yes". I supplied
the lines where it differs from regular requests and suppressed a ton
of SSL output. I don't trust the Outlook logs, too, but supplied them
for completeness.
There are no
Am 07.05.2014 21:59, schrieb Robert Schetterer:
> perhaps i will run my own tests tommorow and report again
meanwhile
check this too
http://www.lynclog.com/2013_04_01_archive.html
...
At this point, just for fun, I decided to disable TLS v1.2 on Windows OS
level
...
for dove
also test setting
Am 07.05.2014 21:15, schrieb Sebastian Goodrick:
> Hello
>
> I recently upgraded to dovecot 2.1.7 (as supplied with Debian Weezy).
> All clients work as expected except for Outlook (2013 &2010) on Win8
> with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on
> Win 7 works fine. On my
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello
I recently upgraded to dovecot 2.1.7 (as supplied with Debian Weezy).
All clients work as expected except for Outlook (2013 &2010) on Win8
with a SSL/TLS connection. (Thunderbird on Win8 and Outlook 2013 on
Win 7 works fine. On my previous dovec
30 matches
Mail list logo
