[tpop3d-discuss] SSL

Chris Lightfoot chris at ex-parrot.com
Tue, 2 Jul 2002 22:14:17 +0100


On Tue, Jul 02, 2002 at 09:55:29PM +0200, chris@ex-parrot.com wrote:
> As said somewhere, SSL encryption using stunnel or tlsproxyd should work with tpop3d.
> 
> I did try it with both, but directly after connecting, my email client (MS Outlook) says TCP con has been closed.
> So I'm wondering if anyone knows how to solve the problem:
> 
> My tlsproxy config file as an example:
> certificate=/etc/tpop3d/server.crt
> private-key=/etc/tpop3d/server.key
> max-processes=30
> user=nobody
> group=nobody
> 192.168.1.200:995 -> 127.0.0.1:110


Hmm. Microsoft Outlook Express -- at least in version 5.0,
which is what I have to hand here -- makes zillions of
connections to the server apparently in an attempt to
discover which particular broken set of SSL options it
feels like using today. Typical session:

new connection 10.73.32.34:1235 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1235 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: sslv3 rollback attack
new connection 10.73.32.34:1236 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1236 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: unknown protocol
new connection 10.73.32.34:1237 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1237 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: no shared cipher
new connection 10.73.32.34:1238 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1238 -/10.73.32.1:995/-> 10.73.32.1:995: \
                                            connection shut down normally

Now, to be honest, I have no idea what all of this stuff
is about. But it does manage to connect and use the thing.

I've found a couple of bugs in the error reporting in
tlsproxyd and fixed a missing close(); you might want to
try

    http://ex-parrot.com/~chris/tlsproxyd/tlsproxyd-0.0.2pre2.tar.gz


-- 
``Sri Lankans urged to multiply for war.'' (BBC News headline)
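
An added example, not part of the original message or of tlsproxyd: a small Python parser for the log session quoted above. It groups handshake outcomes per client, so a run of SSL_accept failures followed by a normal session (the pattern described for Outlook Express) can be told apart from a client that never completes a handshake. The function names and category labels are assumptions, and the log format is inferred only from the lines shown.

```python
import re
from collections import defaultdict

# Log lines copied from the session quoted in the message above.
SAMPLE_LOG = r"""
new connection 10.73.32.34:1235 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1235 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: sslv3 rollback attack
new connection 10.73.32.34:1236 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1236 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: unknown protocol
new connection 10.73.32.34:1237 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1237 -/10.73.32.1:995/-> 127.0.0.1:9000: \
                                            SSL_accept: no shared cipher
new connection 10.73.32.34:1238 -/10.73.32.1:995/-> 127.0.0.1:9000
10.73.32.34:1238 -/10.73.32.1:995/-> 10.73.32.1:995: \
                                            connection shut down normally
"""

# "<client ip>:<port> -/<listen>/-> <backend>: <message>" (format inferred from the sample)
EVENT = re.compile(r"^(?P<ip>[\d.]+):(?P<port>\d+) -/\S+/-> \S+?: (?P<msg>.+)$")

def summarize(text):
    """Return {client_ip: {"failures": [reasons], "succeeded": bool}}."""
    clients = defaultdict(lambda: {"failures": [], "succeeded": False})
    # Join lines that end in a backslash with the indented line that follows.
    joined = re.sub(r"\\\s*\n\s*", "", text)
    for line in joined.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # "new connection" lines and blanks carry no outcome
        entry, msg = clients[m["ip"]], m["msg"].strip()
        if msg.startswith("SSL_accept:"):
            entry["failures"].append(msg.split(":", 1)[1].strip())
        elif msg == "connection shut down normally":
            entry["succeeded"] = True
    return dict(clients)

def classify(entry):
    """Label a client's behaviour (labels are this example's own)."""
    if entry["failures"] and entry["succeeded"]:
        return "negotiation probing, then connected"
    if entry["failures"]:
        return "never completed a handshake"
    return "clean"

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, classify(entry), entry["failures"])
```
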