Cyrus backup: is traffic from master to backup server encrypted?

Patrick Boutilier boutilpj at ednet.ns.ca
Fri Nov 8 06:54:54 EST 2019


Just noticed that I am running an older version of Cyrus though.


On 11/8/19 7:35 AM, Patrick Boutilier wrote:
> Odd, works here.
> 
> 
> telnet localhost 2005
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * SASL PLAIN
> * STARTTLS
> * COMPRESS DEFLATE
> * OK domain Cyrus sync server v2.4.20
> STARTTLS
> OK Begin TLS negotiation now
> 
> 
> 
> 
> On 11/8/19 2:12 AM, Deborah Pickett wrote:
>> ... or do I need to establish my own SSH tunnel from master to backup 
>> server?
>>
>> I've set up my dedicated Cyrus backup server with tls_server_cert and 
>> tls_server_key, and when I connect to port 2005 I see that STARTTLS is 
>> offered:
>>
>> # nc localhost 2005
>> * SASL PLAIN LOGIN DIGEST-MD5
>> * STARTTLS
>> * COMPRESS DEFLATE
>> * OK rsync Cyrus backup server 3.0.11-Debian-3.0.11-1~bpo10+1
>> STARTTLS
>> NO command not implemented
>>
>> But as shown, the STARTTLS command from the client is rejected.
>>
>> I believe that DIGEST-MD5 gives me some level of privacy (sync_test 
>> reports a security strength factor of 128) even without TLS?
>>
>> -- 
>> *Deborah Pickett*
>> System Administrator
>> *Polyfoam Australia Pty Ltd*
>>
>> ----
>> Cyrus Home Page: http://www.cyrusimap.org/
>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>> To Unsubscribe:
>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>
> 
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: boutilpj.vcf
Type: text/x-vcard
Size: 286 bytes
Desc: not available
URL: <http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20191108/b0ced130/attachment-0001.vcf>


More information about the Info-cyrus mailing list