how to enable TLS encryption only?

Olaf Fraczyk olaf at navi.pl
Fri Mar 30 06:13:42 EST 2007


On Fri, 2007-03-30 at 16:19 +0530, JOYDEEP wrote:
> Olaf Fraczyk wrote:
> > On Fri, 2007-03-30 at 14:42 +0530, JOYDEEP wrote:
> >   
> >> lartc wrote:
> >>     
> >>> Hi,
> >>>
> >>> you can try this in imapd.conf:
> >>>
> >>> tls_ca_file: /etc/x509/your_ca_cert.pem
> >>> tls_cert_file: /etc/x509/your_pub_cert.pem
> >>> tls_key_file: /etc/x509/your_private.key
> >>> tls_require_cert: no
> >>> tlscache_db: berkeley
> >>>   
> >>>       
> >> Fantastic :-)  so I have TLS now :-)
> >> Is there any option by which I can force cyrus to communicate with the
> >> client through TLS only?
> >>     
> > Remove imap and leave imaps only :)
> >   
> 
> Dear Olaf and Carsten,
> 
> I am a bit confused here. Maybe I am wrong, but imaps is running at port
> 993 with SSL where imap with TLS is running at port 143.
> I need the imap + TLS.  I don't have any imaps entry in my imapd.conf.
> So could you all be a little more verbose :-)
> thanks for the help so far.
> 
I mean that if you want to force encryption on users you need to use
imaps. 
If you have imap + TLS it is up to the client to decide if it wants to
upgrade the "clear text" connection to TLS.
Disabling imap disallows connection of clients and sending clear text
passwords on the wire :)
You may consider (not technically 100% accurate):
imaps=imap+TLS_always_on.

And Carsten has already shown you how to enable imaps in imapd.conf.

Hope it makes things more clear ;)

Regards,

Olaf
-- 
Olaf Fraczyk <olaf at navi.pl>
NAVI
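
The distinction drawn in this message, that on port 143 the upgrade to TLS is the client's choice, can be checked from what a server advertises before STARTTLS. The following is an added example, not part of the original thread or of Cyrus itself: it parses an IMAP capability line and reports whether a password could cross the wire in clear text. The sample greetings and host name are constructed, and LOGINDISABLED is the RFC 3501 capability a server sends when it refuses LOGIN before TLS.

```python
import imaplib

# SASL mechanisms that hand the password itself to the server.
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

# Constructed sample lines (not captured from a real server).
SAMPLE_PERMISSIVE = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ ID STARTTLS "
                     "AUTH=PLAIN SASL-IR] mail.example.test server ready")
SAMPLE_STRICT = "* CAPABILITY IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED"

def parse_capabilities(line):
    """Return the capability tokens from a greeting or CAPABILITY response."""
    text = line.strip()
    upper = text.upper()
    if "[CAPABILITY" in upper:
        # Greeting form: "* OK [CAPABILITY IMAP4rev1 ...] server ready"
        start = upper.index("[CAPABILITY") + len("[CAPABILITY")
        text = text[start:text.index("]", start)]
    elif upper.startswith("* CAPABILITY"):
        # Untagged form: "* CAPABILITY IMAP4rev1 ..."
        text = text[len("* CAPABILITY"):]
    return {tok.upper() for tok in text.split()}

def cleartext_posture(caps):
    """Classify what a port-143 listener allows before any TLS upgrade."""
    caps = {c.upper() for c in caps}
    plain_sasl = sorted(c[5:] for c in caps
                        if c.startswith("AUTH=") and c[5:] in PLAINTEXT_SASL)
    login_ok = "LOGINDISABLED" not in caps
    return {
        "starttls_offered": "STARTTLS" in caps,
        "cleartext_login_allowed": login_ok,
        "plaintext_sasl": plain_sasl,
        "password_exposed_without_tls": login_ok or bool(plain_sasl),
    }

def check_server(host, port=143, timeout=10):
    """Live check (Python 3.9+): connect without TLS, read capabilities."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        return cleartext_posture(conn.capabilities)
    finally:
        conn.logout()
```

Run `check_server()` only against a server you administer; a listener that exists only on port 993 never reaches this pre-TLS state at all.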


