Written by #xxaxxelxxOctober 14, 2021October 14, 2021

fetchmail | IMAP + SSL + selfsigned cert

poll imap.mydomain.tld with protocol IMAP user “myuser” password “mypassword” is “mylocalunixuser” here ssl sslfingerprint “5A:16:55:1D:61:1A:B3:B0:84:6C:04:8E:E6:15:A5:82” sslcertck sslcertpath /usr/local/homegrown/maildock/.certs For the sslfingerprint type and get the fingerprint. For the cert type openssl s_client -connect imap.mydomain.tld:993 get the cert and put it into a imapcert.pem file. Put that file into a .certs folder. Then rehash it with […]

Written by #xxaxxelxxNovember 1, 2019November 1, 2019

CAS genesisWorld | mobile apps | ssl certificates

Create a cert: https://bytesandbones.wordpress.com/2019/11/01/windows-server-2019-self-signed-certificates-for-iis/ You can’t select a cert via the CAS Server Manager. The IIS handles the encryption mess for you. Install IIS as a role. Run the IIS Manager. Goto Default Web Site. Goto Bindings. Add a new https element, edit the properties and select your just created cert. Do not start this […]

Written by #xxaxxelxxJuly 5, 2017

nginx | build with openssl support

./configure –with-http_ssl_module

Written by #xxaxxelxxMarch 28, 2017June 24, 2019

ICECAST WITH HTTPS

1. Install and configure Icecast listenning on 127.0.0.1 port 8000 without ssl. ;) 2. Install nginx 3. Create directory .well-known in webroot ( here: /var/www/html ) 4. Install certbot 5. Configure nginx: /etc/nginx/nginx.conf: #user www; worker_processes 4; #pid /run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile […]

Written by #xxaxxelxxJune 10, 2016

Postfix | TLS | main.cf settings

##### TLS settings ###### tls_ssl_options = NO_COMPRESSION tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA tls_random_source = dev:/dev/urandom ### outgoing connections ### #smtp_tls_security_level=encrypt smtp_tls_security_level=may smtp_tls_loglevel = 1 smtp_tls_cert_file=/etc/postfix/cert.pem smtp_tls_key_file=/etc/postfix/key.pem smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_mandatory_ciphers=high smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache ### incoming connections ### #smtpd_tls_security_level=encrypt smtpd_tls_security_level=may smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 smtpd_tls_cert_file=/etc/postfix/cert.pem smtpd_tls_key_file=/etc/postfix/key.pem smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_ciphers=high smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

Written by #xxaxxelxxJuly 23, 2015

How to handle ssl3

http://disablessl3.com/

bytes and bones

stuff that matters

Tag: ssl