Re: ssl connection to imap server

[gdt]

pranavtiwari@yahoo.com writes:

> 1. Does GNUS support SSL connection to the IMAP server?

Yes.  I use this all the time on NetBSD, via the default openssl
external program.

> 2. I believe gnus does work with starttls package. How does a TLS
>    connection differ from SSL? Secondly, starttls package requires
>    starttls.exe on the windows machine. Where can one get starttls.exe
>    distribution for windows?

TLS and SSL are very similar protocols; TLS is essentially SSL version
4.  But, SSL is typically used on a different port (993 or imaps) than
unencrypted IMAP.  STARTTLS is an extension for a number of protocols
(SMTP) where a connection is made to the regular port and then the use
of TLS negotiated.

>From gnus/lisp/imap.el:

;; imap.el support RFC1730/2060/RFC3501 (IMAP4/IMAP4rev1), implemented
;; IMAP extensions are RFC2195 (CRAM-MD5), RFC2086 (ACL), RFC2342
;; (NAMESPACE), RFC2359 (UIDPLUS), the IMAP-part of RFC2595 (STARTTLS,
;; LOGINDISABLED) (with use of external library starttls.el and
;; program starttls), and the GSSAPI / kerberos V4 sections of RFC1731
;; (with use of external program `imtest'), RFC2971 (ID).  It also
;; take advantage the UNSELECT extension in Cyrus IMAPD.

>From gnus/lisp/starttls.el:

;; This file now contains a combination of the two previous
;; implementations both called "starttls.el".  The first one is Daiki
;; Ueno's starttls.el which uses his own "starttls" command line tool,
;; and the second one is Simon Josefsson's starttls.el which uses
;; "gnutls-cli" from GNUTLS.
;;
;; If "starttls" is available, it is prefered by the code over
;; "gnutls-cli", for backwards compatibility.  Use
;; `starttls-use-gnutls' to toggle between implementations if you have
;; both tools installed.  It is recommended to use GNUTLS, though, as
;; it performs more verification of the certificates.

So installing gnutls should suffice.

-- 
        Greg Troxel <gdt@work.lexort.com>