This sounds great!

Once this and the DH Params patches are in place, we will install on a few servers and see how they go and let everyone know before we roll out everywhere.

If anyone else has any particular useful patches they have made, maybe this is a good time to speak up and perhaps add them to the code base.

Good job, guys.
-Erik


On April 6, 2017 02:58:37 pm EDT, "Neal Horman" <[email protected]> wrote:

I have applied the differences to Dan's patch and pushed them to github.com/nkhorman/panda-imap/tree/ssloptions.
I've only compile tested this on FreeBSD 10.3.

I'll also apply a DH patch, if someone wants to provide it.
Also, I'm open to other patches that would be generally useful for everyone.

If everyone agrees, I'll merge the ssloptions branch to master.

Regards
Neal

On 4/5/17 5:23 PM, Erik Kangas, Ph.D. wrote:

  Thanks.

We already pre-generate the DH parameters for sendmail and have them sitting around in a dhparms.pem file unique to the server. I wonder if anyone has created a patch that allows UW IMAP to read such a file and supply the parameters?

  -Erik Kangas

  On April 5, 2017 06:07:15 pm EDT, "Dan Lukes" <[email protected]> wrote:

  Erik Kangas, Ph.D. wrote:
  > Has anyone found a way to get the Diffie Hellman TLS v1.2 ciphers (e.g.
  > DHE-RSA-AES256-GCM-SHA384) to work with UW IMAP / Panda IMAP?

  In order to perform a DH key exchange the server must use a DH group (DH
  parameters) and generate a DH key.

  UW IMAP neither generates DH parameters on the fly nor supplies the
  parameters - thus no DHE can be negotiated.

  You may patch the code and use SSL_CTX_set_options(3) to set
  SSL_OP_SINGLE_DH_USE option, but generating DH parameters on the fly is
  extremely time consuming.

  Dan


 _______________________________________________
 Imap-uw mailing list
 [email protected]
 http://mailman13.u.washington.edu/mailman/listinfo/imap-uw


