Cyrus backup: is traffic from master to backup server encrypted?

Fri Nov 8 15:07:03 EST 2019

Thanks Patrick. I wonder if I inadvertently compiled out support for TLS when I built my binaries. I’ll try it again with the stock binaries rather than my patched ones. 

> On 8 Nov 2019, at 22:42, Patrick Boutilier <boutilpj at ednet.ns.ca> wrote:
> 
> Odd, works here.
> 
> 
> telnet localhost 2005
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * SASL PLAIN
> * STARTTLS
> * COMPRESS DEFLATE
> * OK domain Cyrus sync server v2.4.20
> STARTTLS
> OK Begin TLS negotiation now
> 
> 
> 
> 
>> On 11/8/19 2:12 AM, Deborah Pickett wrote:
>> ... or do I need to establish my own SSH tunnel from master to backup server?
>> I've set up my dedicated Cyrus backup server with tls_server_cert and tls_server_key, and when I connect to port 2005 I see that STARTTLS is offered:
>> # nc localhost 2005
>> * SASL PLAIN LOGIN DIGEST-MD5
>> * STARTTLS
>> * COMPRESS DEFLATE
>> * OK rsync Cyrus backup server 3.0.11-Debian-3.0.11-1~bpo10+1
>> STARTTLS
>> NO command not implemented
>> But as shown, the STARTTLS command from the client is rejected.
>> I believe that DIGEST-MD5 gives me some level of privacy (sync_test reports a security strength factor of 128) even without TLS?