How to make sync_client invoke STARTTLS for replication
Rudy Gevaert
Rudy.Gevaert at UGent.be
Fri May 28 09:09:47 EDT 2010
Hello Wesley,
On Wed, May 26, 2010 at 11:52:01AM -0400, Wesley Craig wrote:
> >Has anybody been able to fix this?
>
> Define "fix".
Well I meant, using enforcing TLS. For now I set allowplaintext, but
would prefer not too.
> If you have allowplaintext set, there's no reason to
> use TLS. If you don't have allowplaintext, there are bugs in 2.3.16
> that prevent it from working. See:
>
> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3174
>
> There are other configurations that don't work, either. For
> example, if you configure sync_client to use a list of mechs, those
> mechs aren't compared to the mechs offered by sync_server. See:
>
> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3093
>
> If you have feedback on either of these, I'm listening and
> committing improvements. Maybe you're trying to get TLS while using
> some other form of strong crypto?
Thanks, for replying. But I'm not sure what you are saying with the
above patches.
So I can't sync_client over TLS (and SSL) to work for now?
Rudy
More information about the Info-cyrus
mailing list