Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread @lbutlr
On 25 Oct 2018, at 05:11, Ralph Seichter wrote: > Please don't try to spread your personal misjudgement as gospel, It is not mine, but thanks for playing. -- So now you know the words to our song, pretty soon you'll all be singing along, when you're sad, when you're lonely and it all turns out

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 18:55, Viktor Dukhovni wrote: > Best to let it go, and just comment that the conclusions or advice are > not universally applicable. I could, and usually do, but in this instance I deliberately chose not to. Best to let it go. ;-) -Ralph

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Viktor Dukhovni
> On Oct 25, 2018, at 12:21 PM, Ralph Seichter > wrote: > > Possibly, but *I* think that I've about had it with people stating their > personal beliefs as facts, especially when my own experience shows that > things are quite different where I am standing. In my opinion the OP did > not merit me

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread John Stoffel
> "Daniel" == Daniel Ryšlink writes: Daniel> | You disable cleartext SMTP as well? Daniel> The rationale here is that by accepting provenly insecure Daniel> protocols, one provides an illusion of security, which is Daniel> potentially more dangerous than transparently refuse, and fall Daniel

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 17:23, Viktor Dukhovni wrote: > I think there's probably a more appropriate way to disagree. Possibly, but *I* think that I've about had it with people stating their personal beliefs as facts, especially when my own experience shows that things are quite different where I am standing.

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Viktor Dukhovni
> On Oct 25, 2018, at 7:11 AM, Ralph Seichter > wrote: > > On 25.10.18 00:44, @lbutlr wrote: > >> TLSv1.2 has been out for a decade and there is no reason to be running >> v1 or v1.1. At all. > > Please don't try to spread your personal misjudgement as gospel, > there's a good chap. I thin

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Ralph Seichter
On 25.10.18 00:44, @lbutlr wrote: > TLSv1.2 has been out for a decade and there is no reason to be running > v1 or v1.1. At all. Please don't try to spread your personal misjudgement as gospel, there's a good chap. -Ralph

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Benny Pedersen
Miwa Susumu wrote on 2018-10-25 07:22: client <-> postfix <-> o365 s23_srvr.c said error message, so Is postfix working as a server? Is the problem occurring in 'client <-> postfix' communication? could it be that o365 still uses sslv3 ? logs please if openssl is compiled with sslv2 and ssl

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Benny Pedersen
Matus UHLAR - fantomas wrote on 2018-10-25 10:29: # postconf -d |grep tls|grep proto lmtp_tls_mandatory_protocols = SSLv3, TLSv1 lmtp_tls_protocols = !SSLv2 smtp_tls_mandatory_protocols = SSLv3, TLSv1 smtp_tls_protocols = !SSLv2 smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_protocols =

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Viktor Dukhovni
> On Oct 25, 2018, at 4:26 AM, Daniel Ryšlink wrote: > > The rationale here is that by accepting provenly insecure protocols, one > provides an illusion of security, which is potentially more dangerous than > transparently refuse, and fall back to plaintext delivery to preserve the > functi

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Matus UHLAR - fantomas
On 24.10.18 16:56, Burn Zero wrote: Yea, I got it. But even with that configuration when I connect to my server, my server is still accepting connections in TLSv1. If I disable TLSv1 in my server, warning: TLS library problem: 21975:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown pro

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Daniel Ryšlink
| You disable cleartext SMTP as well? The rationale here is that by accepting provenly insecure protocols, one provides an illusion of security, which is potentially more dangerous than transparently refuse, and fall back to plaintext delivery to preserve the functionality (which can create an

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-25 Thread Matus UHLAR - fantomas
On 24.10.18 16:56, Burn Zero wrote: >Yea, I got it. But even with that configuration when I connect to my >server, my server is still accepting connections in TLSv1. If I disable >TLSv1 in my server, > >warning: TLS library problem: 21975:error:140760FC:SSL >routines:SSL23_GET_CLIENT_HELLO:unknow

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Bastian Blank
On Wed, Oct 24, 2018 at 04:44:19PM -0600, @lbutlr wrote: > On Oct 24, 2018, at 09:19, Benny Pedersen wrote: > > do not disable tlsv1 > I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no > reason to be running v1 or v1.1. At all. You disable cleartext SMTP as well? Bast

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Miwa Susumu
Hi 2018-10-24 (Wed) 20:28 Burn Zero : > Yea, I got it. But even with that configuration when I connect to my server, > my server is still accepting connections in TLSv1. If I disable TLSv1 in my > server, > > warning: TLS library problem: 21975:error:140760FC:SSL > routines:SSL23_GET_CLIENT_HEL

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Bill Cole
On 24 Oct 2018, at 18:44, @lbutlr wrote: On Oct 24, 2018, at 09:19, Benny Pedersen wrote: do not disable tlsv1 I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no reason to be running v1 or v1.1. At all. Well, you can say that, but... # grep 'TLS connection estab

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread micah anderson
"@lbutlr" writes: > On Oct 24, 2018, at 09:19, Benny Pedersen wrote: >> >> do not disable tlsv1 > > I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no > reason to be running v1 or v1.1. At all. > > I’ve been running with TLSv1.2 only for over a year. How much email a

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Benny Pedersen
@lbutlr wrote on 2018-10-25 00:44: On Oct 24, 2018, at 09:19, Benny Pedersen wrote: do not disable tlsv1 I couldn’t disagree more. ditto here TLSv1.2 has been out for a decade and there is no reason to be running v1 or v1.1. At all if openssl is last stable version, all problems is so

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread @lbutlr
On Oct 24, 2018, at 09:19, Benny Pedersen wrote: > > do not disable tlsv1 I couldn’t disagree more. TLSv1.2 has been out for a decade and there is no reason to be running v1 or v1.1. At all. I’ve been running with TLSv1.2 only for over a year. -- This is my signature. There are many like it

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Viktor Dukhovni
Cleartext email is even more vulnerable than TLSv1. SMTP is not as exposed to the various CBC issues as is HTTP. There is no urgency to disable TLS1 in SMTP. It'll gradually fade away, but there's no need to explicitly disable it at present. > On Oct 24, 2018, at 4:25 PM, Daniel Ryšlink wrote:

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Daniel Ryšlink
> do not disable tlsv1 It was recommended to disable support of TLSv1.0 on 30th June 2018 at the latest, because it includes vulnerable ciphers. https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls -- Best Regards, Daniel Ryšlink System Administr

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Viktor Dukhovni
On Wed, Oct 24, 2018 at 12:59:06PM -0400, Viktor Dukhovni wrote: > > My openssl version is OpenSSL 1.0.1e-fips 11 Feb 2013 > > Support for TLS 1.2 was added in OpenSSL 1.0.2. Apologies, I double-checked, and support for TLS 1.2 was in fact added in OpenSSL 1.0.1, so your OpenSSL library should h

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Richard
> Date: Wednesday, October 24, 2018 17:50:46 +0530 > From: Burn Zero > > Hi, > > I use CentOS 6.5 The current release level of CentOS 6 is .10. CentOS 6.6 was released in early November 2014, so your system seems to have gone about 4 years without updates (security and otherwise). The curr

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Viktor Dukhovni
On Wed, Oct 24, 2018 at 04:28:29PM +0530, Burn Zero wrote: > Currently my mail setup is using TLSv1 to connect to O365. Now that O365 > has announced dropping their support for TLSv1, TLSv1.1, how to enable > support for TLSv1.2 in postfix 2.8.2? > > My openssl version is OpenSSL 1.0.1e-fips 11

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Benny Pedersen
Burn Zero wrote on 2018-10-24 13:26: warning: TLS library problem: 21975:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: it's not a postfix question what is supported in openssl ssl is not tls do not disable tlsv1 if more help is needed show logs of smtp,

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Burn Zero
Hi, I use CentOS 6.5 On Wed, Oct 24, 2018 at 5:01 PM Matus UHLAR - fantomas wrote: > On 24.10.18 16:56, Burn Zero wrote: > >Yea, I got it. But even with that configuration when I connect to my > >server, my server is still accepting connections in TLSv1. If I disable > >TLSv1 in my server, > >

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Matus UHLAR - fantomas
On 24.10.18 16:56, Burn Zero wrote: Yea, I got it. But even with that configuration when I connect to my server, my server is still accepting connections in TLSv1. If I disable TLSv1 in my server, warning: TLS library problem: 21975:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown pro

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Burn Zero
Hi, Yea, I got it. But even with that configuration when I connect to my server, my server is still accepting connections in TLSv1. If I disable TLSv1 in my server, warning: TLS library problem: 21975:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: On Wed, Oc

Re: Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Petri Riihikallio
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtpd_tls_protocols = !SSLv2, !SSLv3 > > But that doesn't work. Still the connection is established using TLSv1. Those are for smtpd or inbound connections. For outbound to O365 you need to look at smtp_ settings. -- br, Petri https://metis.

Enabling TLSv1.2 support in postfix 2.8.2

2018-10-24 Thread Burn Zero
Hi, Currently my mail setup is using TLSv1 to connect to O365. Now that O365 has announced dropping their support for TLSv1, TLSv1.1, how to enable support for TLSv1.2 in postfix 2.8.2? My openssl version is OpenSSL 1.0.1e-fips 11 Feb 2013 It should also support TLSv1, TLSv1.1 for older clients