Cyrus backup: is traffic from master to backup server encrypted?

Deborah Pickett debbiep at polyfoam.com.au
Sun Nov 10 22:25:31 EST 2019


Answering my own question:
>
> ... or do I need to establish my own SSH tunnel from master to backup 
> server?
>
I do have to supply my own tunnel.  The Cyrus backup daemon currently 
(3.1.7) doesn't support the STARTTLS command.

             if (!strcmp(cmd.s, "Starttls") && tls_enabled()) {
                 prot_printf(backupd_out, "NO command not implemented\r\n");
                 eatline(backupd_in, c);
                 continue;
             }

Source: 
https://github.com/cyrusimap/cyrus-imapd/blob/master/backup/backupd.c#L715

Patrick: you are running the Cyrus sync server on port 2005, which does 
support TLS.  That's not the same as the backup server (at least in the 
3.x.x tree).  Note the difference in the OK line from the server.

-- 
*Deborah Pickett*
System Administrator
*Polyfoam Australia Pty Ltd*



More information about the Info-cyrus mailing list