This sounds great!
Once this and the DH Params patches are in place, we will install on a
few servers and see how they go and let everyone know before we roll
out everywhere.
If anyone else has any particular useful patches they have made, maybe
this is a good time to speak up and perhaps add them to the code base.
Good job, guys.
-Erik
On April 6, 2017 02:58:37 pm EDT, "Neal Horman" <[email protected]> wrote:
I have applied the differences to Dan's patch and pushed them to
github.com/nkhorman/panda-imap/tree/ssloptions.
I've only compile tested this on FreeBSD 10.3
I'll also apply a DH patch, if someone wants provide it.
Also, I'm open to other patches that would be generally useful for everyone.
If everyone agrees, I'll merge the ssloptions branch to master.
Regards
Neal
On 4/5/17 5:23 PM, Erik Kangas, Ph.D. wrote:
Thanks.
We already pre-generate the DH parameters for sendmail and have them
sitting around in a dhparms.pem file unique to the server. I wonder if
anyone has created a patch that allows UW IMAP to read such a file and
supply the parameters?
-Erik Kangas
On April 5, 2017 06:07:15 pm EDT, "Dan Lukes" [1]<[email protected]> wrote:
Erik Kangas, Ph.D. wrote:
> Has anyone found a way to get the Diffie Hellman TLS v1.2 ciphers (e.g..
> DHE-RSA-AES256-GCM-SHA384) to work with UW IMAP / Panda IMAP?
In order to perform a DH key exchange the server must use a DH group (DH
parameters) and generate a DH key.
UW IMAP neither generate DH parameters on the fly nor supply the
parameters - thus no DHE can be negotiated.
You may patch the code and use SSL_CTX_set_options(3) to set
SSL_OP_SINGLE_DH_USE option, but generating DH parameters on the fly is
extremely time consuming.
Dan
_______________________________________________
Imap-uw mailing list
[2][email protected]
[3]http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
_______________________________________________
Imap-uw mailing list
[email protected]
[4]http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
References
Visible links
1. mailto:[email protected]
2. mailto:[email protected]
3. http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
4. http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
_______________________________________________
Imap-uw mailing list
[email protected]
http://mailman13.u.washington.edu/mailman/listinfo/imap-uw
