Allow plaintext and TLS

Kjetil Torgrim Homme kjetilho at ifi.uio.no
Tue Apr 4 09:50:22 EDT 2006


On Mon, 2006-04-03 at 09:48 -0500, Richard Wohlstadter wrote:
> Nikola Milutinovic wrote:
> > I have set this option to "no". When I setup my client (Thunderbird) to use TLS
> > and PLAIN, it says "Server refused... blah, blah". When I set it to use SSL and
> > PLAIN, I can login.
>
> We use Thunderbird 1.5 and it does not work(bug) with regards to TLS and 
> connecting to Cyrus so we currently use SSL as well.  I just tested the 
> latest build of Thunderbird (Version 3 Alpha 1) and the TLS to cyrus 
> works fine.  Looks like you need to wait for the next stable release of 
> Thunderbird or use the alpha.

I'd just like to confirm that Thunderbird 1.5 is broken.  we refuse
logins until after STARTTLS, but Thunderbird considers that the
capability "LOGINDISABLED" means "login is disabled", not "the protocol
command LOGIN is disabled", so it will pop up a message about the server
not currently accepting logins and refuse to work.

if we remove LOGINDISABLED from the capability response, it will happily
try to authenticate _before_ STARTTLS, thereby sending the password in
the clear...  it's amazing they could break IMAP this badly.
-- 
Kjetil T.




More information about the Info-cyrus mailing list