is TLS/SSL selection/connection ONLY via port 993?
OpenMacNews
cyrus-info.20.openmacnews at spamgourmet.com
Tue Nov 16 03:57:36 EST 2004
hi again,
>> but, why is "imapd -s is for IMAP connections that are externally wrapped
>> by SSL" --> considered "BAD"?
>
> Because TLS allows one to select which certificate to present, and SSL
> doesn't.
aha.
> SSLv2 should not be used at all if you can help it
gone.
>> i presume, then, that SSLvX *starts* encrypted ... hence the port 993. true?
> Yes.
it's actually starting to make sense =)
>> > BTW add this to imapd.conf:
>> > tls_cipher_list: ALL:!ADH:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>
> Actually, ALL:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH is even better; I did
> some extra reading.
>
>> tls_cipher_list: TLSv1:SSLv3:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>>
>> i _thought_ the !ADH is there by default ... and i see no reason NOT to
>> explicitly include (ALL) the high/med grade ciphers.
>
> It is not. TLSv1 will include it... so you need either !ADH or !aNULL (the
> latter is better). Try openssl ciphers -v, and you'll see.
got it. cryptic, but with a little staring ... clear.
thx! it's working perfectly now ... on to the next step.
best,
richard
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
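
An added example, not part of the original post: a small shell filter for the `openssl ciphers -v` check suggested above. It flags suites by their `Au=None` / `Enc=None` columns rather than by name, so it also catches anonymous suites that `!ADH` alone leaves in (such as `AECDH-*`, which `!aNULL` covers). The sample lines are constructed in the `openssl ciphers -v` column format, and `audit_ciphers` and the two sample function names are made up for this example.

```shell
#!/bin/sh
# audit_ciphers: read `openssl ciphers -v` output on stdin and print one line
# per suite that has no server authentication (Au=None, anonymous key
# exchange) or no encryption (Enc=None).
audit_ciphers() {
    awk '
        {
            au = ""; enc = ""
            # Columns after the suite name look like Kx=.. Au=.. Enc=.. Mac=..
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Au=/)  au  = substr($i, 4)
                if ($i ~ /^Enc=/) enc = substr($i, 5)
            }
            if (au == "None")  print "ANON " $1
            if (enc == "None") print "NULLENC " $1
        }'
}

# Constructed sample: what a list can look like when nothing excludes
# anonymous or null-encryption suites.
sample_unfiltered() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
EOF
}

# Constructed sample: the same list with those suites excluded.
sample_filtered() {
    cat <<'EOF'
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

# Against a real OpenSSL build, pipe the candidate string through the filter:
#   openssl ciphers -v 'ALL:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH' | audit_ciphers
# No output means no anonymous or null-encryption suites are enabled.
sample_unfiltered | audit_ciphers
```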