Re: [tpop3d-discuss] TLS status
From: Paul Makepeace
Subject: Re: [tpop3d-discuss] TLS status
Date: Tue, 29 Jul 2003 20:08:22 +0100
User-agent: Mutt/1.5.3i
On Tue, Jul 29, 2003 at 02:55:28PM +0100, Chris Lightfoot wrote:
> On Tue, Jul 29, 2003 at 02:50:56PM +0100, Paul Makepeace wrote:
> > On Tue, Jul 29, 2003 at 02:23:40PM +0100, Chris Lightfoot wrote:
> [ the joy of SSL ]
> > > > experimentation.
> > >
> > > The stuff is documented in the latest man pages.
> >
> > Hmm, I have :
> >
> > listen-address: 0.0.0.0:995;tls=immediate,certificate=/etc/mail/cert
> > 0.0.0.0:11000
** That should in fact not have the "certificate=" bit.
> >
> > And yet when I telnet to 995 I get intelligible text which is not what
> > I'd expect from an "immediate" connection.
>
> No, that's what you should expect -- tpop3d is sending the
> first bit of TLS negotiation bumf, which is not human
I did say /intelligible/, i.e. I can read it, viz:
$ telnet localhost 995
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK <address@hidden>
^]
telnet> close
Connection closed.
$
Anyway it turned out I accidentally was executing the old tpop3d. Duh,
pardon me. It seems to be working at least from the openssl command line
test. Once I've had users try it I'll make an INSTALL.TLS doc or
something for my sins.
> mode where you establish the TLS connection as soon as the
> physical connection is established. It's not exactly
> obvious, is it?
This bit I did actually understand from the docs :)
I noticed that if tpop3d can't bind to all its ports it is merely a
warning not an error and the daemon doesn't exit. I was surprised by
this as I'd generally treat failure to bind as a hard error; is this
intentional?
Paul
--
Paul Makepeace ....................................... http://paulm.com/
"If life is good, then will I really have to explain this to my
parents."
-- http://paulm.com/toys/surrealism/
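
An added example, not part of the original message or of tpop3d: a Python probe for the check discussed above, telling a listener that greets in cleartext on connect (as in the telnet session) from one that only answers after a TLS handshake. The function names, the verdict strings and the host/port in the usage line are assumptions.

```python
import socket
import ssl

def classify_first_bytes(data):
    """Classify bytes a server volunteered before the client sent anything."""
    if data is None:
        return "silent"            # timed out: server is waiting for the client to speak
    if data == b"":
        return "closed"            # peer hung up without sending anything
    if data.startswith((b"+OK", b"-ERR")):
        return "plaintext-pop3"    # readable greeting: this port is not TLS-wrapped
    return "unknown"

def probe(host, port, cafile=None, timeout=3.0):
    """Return how the listener at host:port behaves on connect."""
    # Step 1: connect and only listen, as the telnet test did.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            first = sock.recv(512)
        except socket.timeout:
            first = None
    verdict = classify_first_bytes(first)
    if verdict != "silent":
        return verdict
    # Step 2: in TLS the client speaks first, so silence is what a
    # TLS-on-connect port looks like. Confirm by handshaking.
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        # Assumption: no CA file means a test rig with a self-signed cert.
        # This checks wrapping only, not the server's identity.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                greeting = tls.recv(512)
    except (ssl.SSLError, OSError):
        return "silent-not-tls"
    if greeting.startswith(b"+OK"):
        return "tls-wrapped-pop3"
    return "tls-wrapped-other"

if __name__ == "__main__":
    # Constructed usage: host and port are placeholders for your own server.
    print(probe("localhost", 995))
```

A verdict of "plaintext-pop3" on a port configured as tls=immediate means the running daemon is not applying that setting, for instance because an older binary is still the one listening.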