TLSv1.0
We have been informed that our mail server may no longer employ TLSv1.0. Only TLSv1.1 and higher are now approved. I attempted to implement this with the following change to imapd.conf: tls_versions: tls1_2 tls1_3 However restarting imapd does not seem to eliminate TLSv1.0. # sslscan 216.185.71.17:993 Version: 1.11.11 OpenSSL 1.0.2-chacha (1.0.2k-dev) Connected to 216.185.71.17 Testing SSL server 216.185.71.17 on port 993 using SNI name 216.185.71.17 TLS Fallback SCSV: Server supports TLS Fallback SCSV TLS renegotiation: Session renegotiation not supported TLS Compression: Compression disabled Heartbleed: TLS 1.2 not vulnerable to heartbleed TLS 1.1 not vulnerable to heartbleed TLS 1.0 not vulnerable to heartbleed <<=== Supported Server Cipher(s): How do I eliminate TLSv1.0? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP-3.0.8 and Diffie-Hellman
On 11/23/18 12:08 PM, James B. Byrne via Info-cyrus wrote: I would like someone to explain to me how the diffie-hellman parameters are adjusted for cyrus-imap. Unlike Postfix, there does not seem to be a separate setting in imapd.conf for a DH parameter file. At least, I cannot find documentation respecting such a thing. The only information I have gleaned is that it may be necessary to append the DHParm file to the private key of the imap server. That seems to be a rather inelegant way of doings but, if that is the only way to do so then I need that confirmed. If not, then I would very much appreciate being told how else to accomplish it. Not sure about 3.x but that is how it is done in 2.4.x <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imapd and count of deleted messages
On Monday 12 November 2018, Michael Menge wrote: > Are you sure messages have been "Deleted" via IMAP EXPUNGE command? Thanks. Two identical clients had different settings for deletion. Everything logging well. -- Regards, Sergey Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
IMAP-3.0.8 and Diffie-Hellman
I would like someone to explain to me how the diffie-hellman parameters are adjusted for cyrus-imap. Unlike Postfix, there does not seem to be a separate setting in imapd.conf for a DH parameter file. At least, I cannot find documentation respecting such a thing. The only information I have gleaned is that it may be necessary to append the DHParm file to the private key of the imap server. That seems to be a rather inelegant way of doings but, if that is the only way to do so then I need that confirmed. If not, then I would very much appreciate being told how else to accomplish it. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus