Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 10:26 AM, Will Yardley wrote:
> In this case, it was consuming a lot of CPU for 5+ minutes, and the .dat.tmp file hadn't been updated since the process started, so I'm not sure if something went wrong.

Yes, large DH parameters take time to generate, hence turning off regeneration.

Re: disabling certain ciphers

2014-12-02 Thread Will Yardley
On Tue, Dec 02, 2014 at 10:12:22AM -0800, Darren Pilgrim wrote:
> On 12/2/2014 10:05 AM, Will Yardley wrote:
> > I had some problems the first few times I restarted with ssl-params
> > seeming to hang, but it finally works.
>
> That would have been dovecot generating the 4096-bit DH parameters. I

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 10:05 AM, Will Yardley wrote:
> I had some problems the first few times I restarted with ssl-params seeming to hang, but it finally works.

That would have been dovecot generating the 4096-bit DH parameters. It can take a bit, but Dovecot is quite fast at it. If Dovecot supported

Re: disabling certain ciphers

2014-12-02 Thread Will Yardley
I had some problems the first few times I restarted with ssl-params seeming to hang, but it finally works.

I am able to get it to work with just:

ssl = required
ssl_dh_parameters_length = 4096
ssl_parameters_regenerate = 0
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_li

Re: disabling certain ciphers

2014-12-02 Thread Will Yardley
On Tue, Dec 02, 2014 at 08:34:50AM -0800, Darren Pilgrim wrote:
> On 12/1/2014 9:44 PM, Will Yardley wrote:
> > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> >> On 12/1/2014 4:43 PM, Will Yardley wrote:
> >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same conf

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 8:38 AM, Reindl Harald wrote:
> On 02.12.2014 at 17:33, Darren Pilgrim wrote:
> > On 12/2/2014 1:32 AM, Reindl Harald wrote:
> > > ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
> > > ssl_dh_parameters_length = 2048
> > > ssl_parameters_regenerate = 0
> > > ssl_protocols = !SSLv2 !SSLv3 TLSv1 TL

Re: disabling certain ciphers

2014-12-02 Thread Reindl Harald
On 02.12.2014 at 17:33, Darren Pilgrim wrote:
> On 12/2/2014 1:32 AM, Reindl Harald wrote:
> > ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
> > ssl_dh_parameters_length = 2048
> > ssl_parameters_regenerate = 0
> > ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>
> But why does ssl_protocols b

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/1/2014 9:44 PM, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> > On 12/1/2014 4:43 PM, Will Yardley wrote:
> > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Is there a way to exclude these ciphers, while s

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 1:32 AM, Reindl Harald wrote:
> On 02.12.2014 at 06:44, Will Yardley wrote:
> > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> > > On 12/1/2014 4:43 PM, Will Yardley wrote:
> > > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)?

Re: disabling certain ciphers

2014-12-02 Thread Reindl Harald
On 02.12.2014 at 06:44, Will Yardley wrote:
> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> > On 12/1/2014 4:43 PM, Will Yardley wrote:
> > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Is there a way to exclude these ciphers, whi

Re: disabling certain ciphers

2014-12-01 Thread Will Yardley
On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> On 12/1/2014 4:43 PM, Will Yardley wrote:
> > Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> > (in a way that's sane)?
>
> > Is there a way to exclude these ciphers, while still keeping my config
> > easy

Re: disabling certain ciphers

2014-12-01 Thread Darren Pilgrim
On 12/1/2014 4:43 PM, Will Yardley wrote:
> Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Is there a way to exclude these ciphers, while still keeping my config easy to parse and avoiding duplicative or deprecated configs?

Yes to both. If you

disabling certain ciphers

2014-12-01 Thread Will Yardley
Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Do ssl_protocols (>= 2.1) and ssl_cipher_list co-exist, or are they mutually exclusive?

I have a Dovecot 2.2.13 system, and I tried setting:

I also tried things like ssl_cipher_list = HIGH or ssl_ciphe