Allow plaintext and TLS
Patrick H Radtke
phr2101 at columbia.edu
Mon Apr 3 10:08:28 EDT 2006
On Mon, 3 Apr 2006, Nikola Milutinovic wrote:
> Hi all.
>
> It looks like I've hit a minor bug in Cyrus. It has to do with "allowplaintext"
> option.
>
> I have set this option to "no". When I setup my client (Thunderbird) to use TLS
> and PLAIN, it says "Server refused... blah, blah". When I set it to use SSL and
> PLAIN, I can login.
>
>> From this I can only conclude that the server is not advertising AUTH=PLAIN if
> the connection is over TLS, while it is advertizing it over SSL. I'd say this
> is a bug, since TLS does/should provide SSF=256.
>
> If I understand correctly, SSL is a SSL wrapper over the connection and it gets
> established BEFORE IMAP connection is established. TLS, on the other hand, is
> initiated within an established IMAP connection. I'd say TLS code is forgetting
> to raise SSF to 256, upon successful establishing of encrypted communication.
>
> Nix.
>
It works for us.
Have you tried imtest?
imtest -m PLAIN -t "" hostname
This should do a CAPABILITY call, AUTH=PLAIN won't be advertised, and then
it should to a STARTTLS and then another CAPABILITY call and AUTH=PLAIN
will now be advertised since the connection is secure.
-Partick
More information about the Info-cyrus
mailing list