On 01/22/2013 05:22 PM, Matthias Hunstock wrote:
On 22.01.2013 15:56, Theodotos Andreou wrote:
Any idea what I am missing?
Linebreaks! :)
Sorry about that! Some really ugly bug in my test setup! :P
Why do you want to have TLS on port 995 at all?
> $ openssl s_client -connect pop.example.com:995
Isn't port 995 assigned to pop3s? I am using this because we want to
exclude unencrypted connections.
Unless you use "-starttls pop3", this will always try to negotiate an
explicit SSL session.
That's the point: we want SSL (TLS actually) only sessions. STARTTLS
implies that the connection starts unencrypted and then you request to be
encrypted using STARTTLS. This will allow users to use the connection
unencrypted if they choose not to use STARTTLS. Right?
My guess is that you want
$ openssl s_client -connect pop.example.com:110 -starttls pop3
We do not want this as this will allow unencrypted connections.
and
$ openssl s_client -connect pop.example.com:995
to succeed?
We do want this but allow only TLS (not SSLv2 or SSLv3)
To get an idea of our setup. There is a dovecot backend which is
configured to accept cleartext connections. We want perdition to accept
TLS only connections and talk to dovecot in cleartext. Is this possible?
Why does ssl_listen work and tls_listen doesn't?
> ______________________________________________
> Perdition-users mailing list
> Perdition-users(a)vergenet.net
> http://lists.vergenet.net/listinfo/perdition-users
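The policy asked for in the message above (TLS from the first byte on port 995, no way to log in unencrypted on port 110) can be checked from the client side. The following is an added example, not part of the original message or of perdition; the function names and the sample CAPA replies are constructed for illustration, and it assumes the listener answers the POP3 CAPA command (RFC 2449).

```python
import socket
import ssl

def parse_capa(lines):
    """Map capability tag -> arguments from a POP3 CAPA reply (RFC 2449)."""
    caps = {}
    for line in lines:
        line = line.strip()
        if not line or line == "." or line.startswith(("+OK", "-ERR")):
            continue
        tag, *args = line.split()
        caps[tag.upper()] = [a.upper() for a in args]
    return caps

def cleartext_findings(capa_lines):
    """List ways a client is invited to send its password before STLS."""
    caps = parse_capa(capa_lines)
    findings = []
    if "USER" in caps:
        findings.append("USER/PASS offered before TLS")
    weak = sorted({"PLAIN", "LOGIN"} & set(caps.get("SASL", [])))
    if weak:
        findings.append("cleartext SASL offered before TLS: " + ",".join(weak))
    return findings  # empty list: nothing advertised (not proof of enforcement)

def fetch_capa(host, port=110, timeout=5):
    """Ask a plain-text POP3 listener for its pre-TLS capabilities."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        f.readline()  # server greeting
        f.write(b"CAPA\r\n")
        f.flush()
        lines = []
        for raw in f:
            lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
            if lines[-1] == "." or lines[-1].startswith("-ERR"):
                break
        return lines

def implicit_tls_version(host, port=995, timeout=5):
    """Handshake immediately, as pop3s expects; the default context refuses SSLv2/SSLv3."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()

# Constructed sample replies, not captured from any real server.
STLS_OPTIONAL = ["+OK", "TOP", "UIDL", "USER", "SASL PLAIN LOGIN", "STLS", "."]
STLS_REQUIRED = ["+OK", "TOP", "UIDL", "SASL", "STLS", "."]
```

Against a live host, `implicit_tls_version("pop.example.com")` returns the negotiated protocol string, and `cleartext_findings(fetch_capa("pop.example.com"))` should be empty; a refused connection on port 110 raises `OSError`, which also satisfies the policy.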