[tpop3d-discuss] TLS status

Chris Lightfoot chris at ex-parrot.com
Tue, 29 Jul 2003 14:55:28 +0100


On Tue, Jul 29, 2003 at 02:50:56PM +0100, Paul Makepeace wrote:
> On Tue, Jul 29, 2003 at 02:23:40PM +0100, Chris Lightfoot wrote:
    [ the joy of SSL ]
> > > experimentation.
> > 
> > The stuff is documented in the latest man pages.
> 
> Hmm, I have :
> 
> listen-address: 0.0.0.0:995;tls=immediate,certificate=/etc/mail/cert 0.0.0.0:11000
> 
> And yet when I telnet to 995 I get intelligible text which is not what
> I'd expect from an "immediate" connection.

No, that's what you should expect -- tpop3d is sending the
first bit of TLS negotiation bumf, which is not human
readable. (Well, not unless you're really good at
multiplying big numbers in your head....) Try using
    openssl s_client -host localhost -port 995
-- works for me.

I couldn't find a better name than `immediate' for the
mode where you establish the TLS connection as soon as the
physical connection is established. It's not exactly
obvious, is it?

> Is this a suggested configuration for TLS-only on port pop3s (995)?

Yep.

-- 
``He managed to hoodwink not just the great and the good like
  Margaret Thatcher, John Major and William Hague, but many very
  clever people too.'' (newspaper article, describing Jeffrey Archer)
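The check Chris describes above, written up as a small probe. This is an added example, not code from the thread or from tpop3d, and the host names, ports and the two fake localhost servers at the bottom are constructed for illustration. The observable difference it relies on: a plaintext POP3 server greets with "+OK" before the client types anything, while a port run with tls=immediate stays silent until it sees a TLS ClientHello and answers a typed line (what telnet sends) with a TLS alert record, or by closing the connection. The pop3s_greeting function does what the openssl s_client command in the reply does: handshake first, then read the greeting.

```python
"""Probe a POP3 port for 'immediate' TLS versus plaintext POP3 (added example)."""
import socket
import ssl
import threading

TLS_ALERT = 0x15       # TLS record content types (RFC 5246, section 6.2.1)
TLS_HANDSHAKE = 0x16


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends on a connection."""
    if not data:
        return "silent"               # POP3 must greet first; a TLS server waits for the client
    if data.startswith(b"+OK") or data.startswith(b"-ERR"):
        return "plaintext-pop3"
    if len(data) >= 3 and data[0] in (TLS_ALERT, TLS_HANDSHAKE) and data[1] == 0x03:
        return "tls-record"           # the unreadable 'bumf' a telnet user sees
    return "unknown"


def probe_plain(host: str, port: int, timeout: float = 3.0) -> str:
    """Behave like a telnet user: wait for a greeting, and if none comes, type a line."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            first = s.recv(256)
        except socket.timeout:
            first = b""
        if first:
            return classify_first_bytes(first)
        # Silence on connect already rules out plaintext POP3.  Poke the server with
        # a POP3 command anyway and see how it objects (TLS alert, or just a close).
        try:
            s.sendall(b"USER test\r\n")
            reply = s.recv(256)
        except OSError:               # includes socket.timeout and connection resets
            reply = b""
        return classify_first_bytes(reply)


def pop3s_greeting(host: str, port: int = 995, cafile=None, timeout: float = 3.0) -> str:
    """Equivalent of `openssl s_client -connect host:995`: handshake, then read the greeting."""
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        # Lab assumption: self-signed certificate, so verification is switched off.
        # Do not do this in a real client; it makes the session trivially interceptable.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.recv(256).decode("ascii", "replace").strip()


def serve_once(handler) -> int:
    """Start a one-shot localhost server (constructed test double) and return its port."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen(1)
    port = lsock.getsockname()[1]

    def run():
        conn, _ = lsock.accept()
        with conn:
            handler(conn)
        lsock.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def fake_plaintext_pop3(conn):
    """Constructed stand-in for port 110: greets immediately."""
    conn.sendall(b"+OK tpop3d ready\r\n")


def fake_immediate_tls(conn):
    """Constructed stand-in for port 995: silent, then answers a non-TLS line
    with a fatal unexpected_message alert record (0x15 0x03 0x01 0x00 0x02 0x02 0x0a)."""
    conn.settimeout(5.0)
    conn.recv(64)
    conn.sendall(bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x0a]))


if __name__ == "__main__":
    print(probe_plain("127.0.0.1", serve_once(fake_plaintext_pop3), timeout=1.0))  # plaintext-pop3
    print(probe_plain("127.0.0.1", serve_once(fake_immediate_tls), timeout=1.0))   # tls-record
```

Against a real tpop3d, run probe_plain on 110 and 995 and then pop3s_greeting on 995; a correct tls=immediate port gives "silent" or "tls-record" from the first and the "+OK" greeting only from the second. Pass cafile with the server's certificate rather than relying on the unverified lab mode.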