Am 08.05.2014 22:25, schrieb Robert Schetterer:
Am 08.05.2014 21:29, schrieb Sebastian Goodrick:
perhaps this has impact...just an idea
http://blogs.technet.com/b/secguide/archive/2014/04/07/why-we-re-not-recomme...
so my specutlation, on win 8 fips mode enabled ,is default currently, ( please verify this ) , but it should be disabled be causing too much trouble...
On my fresh install of Win8.1:
HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy Enabled=0
hm..
Indicating that FIPS mode is disabled. As far as I understand FIPS it disables certain ciphers / protocols. However, my new dovecot/OpenSSL version provides more and stronger ciphers, so FIPS shouldn't be an issue (well, in theory).
definiton of "strong" maybe variable my speculate was, it leaves too less ciphers left
Regards Sebastian
i will test this now with my win8 and new dove installation, but it will take time doing endless win upgrades in the vm first
Best Regards MfG Robert Schetterer
meanwhile from
http://social.technet.microsoft.com/Forums/office/en-US/5a8df31b-ef3a-4f42-9...
... System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"
as found in
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
which as per description does
This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
that needs to be disabled for Outlook.com's SMTP TLS to work.
or, looking at the registry: FIPSAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy/Enabled ...
any thoughts about that ?
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein