how are 'sasl_minimum_layer' & TLS related/dependent?

OpenMacNews openmacnews at speakeasy.net
Sun Oct 9 01:34:51 EDT 2005


hi all,

i'm connecting to my cyrus-imap 2.2.12-cvs server on OSX 10.4.2 with a Thunderbird v107 client.

i've configured for TLS use, with imapd.conf including:

	sasl_minimum_layer:     128
	sasl_mech_list:         PLAIN
	allowplaintext:         no

i can login successfully, & my TBird protocol log shows TLS 'protection':

	40102400[5160f90]: 2330600:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls protection)

per a long-ago post:

	Re: is TLS/SSL selection/connection ONLY via port 993?
	http://www.irbs.net/internet/info-cyrus/0411/0216.html
	from: Henrique de Moraes Holschuh

my understanding was that 'sasl_minimum_layer' >= 64 (128?) was *REQUIRED* for TLS protection ...


BUT, my config _seems_ to be insensitive to it.

if i change my imapd.conf entry to:

	sasl_minimum_layer:     0

i would have expected the connect to fail, but i *still* get TLS enabled:

	38991872[53b89c0]: 26a2c00:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls protection)

### QUESTION: ###
what *is* the relationship/dependency of sasl_minimum_layer & TLS?


one 'suspect' ... to connect via TLS, TBird *requires* the following setup:

	Account Settings>(this account)>Server Settings
		Server Type: IMAP Mail Server
		Server Name: {mail.testdomain.com}
		Port: {993} Default: 993

		[x] Use secure connection (SSL)
		[ ] Use secure authentication

that "Use secure connection (SSL)" *must* be checked ...

per that earlier referenced post:

	"imapd -s is for IMAP connections that are externally wrapped by SSL (bad).
	imapd is for non-encrypted IMAP connections, and IMAP connections that use
	TLS (good)."

is there, perhaps, an 'issue' with the port 993 use defaulting to some minimum_layer strength
despite my imapd.conf setting?

confused here ... any insight would be much appreciated!

thx!

richard




More information about the Info-cyrus mailing list