Re: Re: Feature request SCRAM-SHA-256

2019-01-13 Thread Tributh via dovecot
10:06, Tributh via dovecot wrote: >> >> On 16.12.18 at 09:42, Aki Tuomi wrote: >>>> On 16 December 2018 at 10:27 Tributh via dovecot >>>> wrote: >>>> >>>> >>>> Hi, >>>> is that here the right place to make feat

Re: Re: How to configure Dovecot to disable NIST's curves and still retain EECDH?

2018-12-18 Thread Tributh via dovecot
On 19.12.18 at 07:10, Kurt Fitzner wrote: > My opinion is that security by RFC is not security, it's mommy > medicine.  Standards have had a terrible time keeping up with security > realities. > > NIST's curves leak side channel information all over the place.  I don't > have details on what i

Re: How to configure Dovecot to disable NIST's curves and still retain EECDH?

2018-12-18 Thread Tributh via dovecot
On 19.12.18 at 04:39, Kurt Fitzner wrote: > I am interested in configuring Dovecot's TLS so as to retain forward > secrecy, but eliminate all of NIST's elliptic curves. > > Besides being subject to side channel attacks > , in some quarters there is a

Re: ECDSA client question

2018-12-16 Thread Tributh via dovecot
On 16.12.18 at 12:13, Michael A. Peters wrote: > Hi, for those who have adopted ECDSA, > > Are there still any commonly used IMAPS/POP3S clients that still can not > handle ECDSA certificates? > > I know you can set up Dovecot for dual cert, I am just trying to > determine if there still is a

Re: Feature request SCRAM-SHA-256

2018-12-16 Thread Tributh via dovecot
On 16.12.18 at 09:42, Aki Tuomi wrote: > >> On 16 December 2018 at 10:27 Tributh via dovecot wrote: >> >> >> Hi, >> is that here the right place to make feature requests? >> >> dovecot supports as authentication mechanism >> SCRAM-SHA-1 fro

Feature request SCRAM-SHA-256

2018-12-16 Thread Tributh via dovecot
Hi, is that here the right place to make feature requests? dovecot supports as authentication mechanism SCRAM-SHA-1 from RFC 5802 which was updated to SCRAM-SHA-256 in RFC 7677 Can SCRAM-SHA-256 be added to the authentication mechanisms? I would not like to request, that SCRAM-SHA-1 will be exch

openssl 1.1.0d breaks Android7 TLS connects

2017-02-14 Thread Tributh
Hi, the actual OpenSSL version detection in dovecot is insufficient. The implementation only checks for SSL_CTRL_SET_ECDH_AUTO. That was effective for OpenSSL 1.0.2, but in 1.1.0 it is removed. That's the code part: #ifdef SSL_CTRL_SET_ECDH_AUTO /* OpenSSL >= 1.0.2 automatically handles ECD

TLS feature missing

2017-01-13 Thread Tributh
Hi, I was using dovecot 2.2.25 compiled with openssl 1.0.2 I realised with a cipherscan utility that I was able to support multiple TLS curves. Now I upgraded to 2.2.27 with openssl 1.1.0 and was falling back to historical stages where my server only serves one TLS-curve: secp384r1 right now. One