Then it's rather expected that you'll get some TLS errors, especially when
tenable.io tests for algorithms to see which ones work and which ones wont.
Aki
> On May 5, 2017 at 8:21 AM Poliman - Serwis wrote:
>
>
> Internal PCI Scan on Tenable.io website. Of course after register account.
>
>
Internal PCI Scan on Tenable.io website. Of course after register account.
2017-04-30 9:11 GMT+02:00 Aki Tuomi :
> What kind of test are you running?
>
> Aki
>
> > On April 27, 2017 at 12:00 PM Poliman - Serwis
> wrote:
> >
> >
> > I turned of ssl_cipher_list in dovecot.conf file (so it's defaul
What kind of test are you running?
Aki
> On April 27, 2017 at 12:00 PM Poliman - Serwis wrote:
>
>
> I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test
> still gives errors:
> Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error:
> error:140760FC:SSL
I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test
still gives errors:
Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error:
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stac
Cipher list which You post provide better compatibility or security than
those which I currently have?
On older software version these cipher list works well and not generate any
errors when I run Internal PCI scan test from https://cloud.tenable.com for
another server. But for new server with newe
> On April 27, 2017 at 10:55 AM Poliman - Serwis wrote:
>
>
> Thank You for answers. But:
> 1. How should be properly configured ssl_cipher_list?
ssl_cipher_list =
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
To disable non-EC DH, use:
ssl_cip
Thank You for answers. But:
1. How should be properly configured ssl_cipher_list?
2. Ok, removed !TLSv1 !TLSv1.1.
3. Strange thing with ssl_protocols and ssl_cipher_list, because on older
server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two
lines looks exactly this same and no err
> On April 27, 2017 at 8:12 AM Poliman - Serwis wrote:
>
>
> Hi,
> To default dovecot.conf file I added (based on found documentation):
> ssl = required
> disable_plaintext_auth = yes #change default 'no' to 'yes'
> ssl_prefer_server_ciphers = yes
> ssl_options = no_compression
> ssl_dh_par
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECD
