Monthly Archives: July 2014

Disable client certificate requests for Cyrus IMAP

Cyrus LogoCyrus IMAPd always asks for a client certificate. This can be unnerving for users running Thunderbird as their mail client which have a user certificate installed and are thus always asked whether they want to send it. (There is no way to tell Thunderbird not to send a client certificate, you can only select which one.) Continue reading Disable client certificate requests for Cyrus IMAP

Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)

Debian logoOlder installations, such as trusty Debian Lenny, come with versions of OpenSSL 0.9.8. The default cipher suite used by TLS Interposer is very restrictive, on purpose. For OpenSSL 0.9.8g, the only remaining cipher is RC4-SHA.

Especially when configuring XMPP servers such as ejabberd to use TLS Interposer, RC4-SHA alone can be not enough (e.g., when connecting to servers such as jabber.ru, which has RC4 disabled entirely. Continue reading Using TLS Interposer with OpenSSL 0.9.8g (Debian Lenny)