[tpop3d-discuss] TLS status
beasts.org at paulm.com
Tue, 29 Jul 2003 20:08:22 +0100
On Tue, Jul 29, 2003 at 02:55:28PM +0100, Chris Lightfoot wrote:
> On Tue, Jul 29, 2003 at 02:50:56PM +0100, Paul Makepeace wrote:
> > On Tue, Jul 29, 2003 at 02:23:40PM +0100, Chris Lightfoot wrote:
> [ the joy of SSL ]
> > > > experimentation.
> > >
> > > The stuff is documented in the latest man pages.
> > Hmm, I have :
> > listen-address: 0.0.0.0:995;tls=immediate,certificate=/etc/mail/cert 0.0.0.0:11000
** That should in fact not have the "certificate=" bit.
> > And yet when I telnet to 995 I get intelligible text which is not what
> > I'd expect from an "immediate" connection.
> No, that's what you should expect -- tpop3d is sending the
> first bit of TLS negotiation bumf, which is not human
I did say /intelligible/, i.e. I can read it, viz:
$ telnet localhost 995
Connected to localhost.
Escape character is '^]'.
Anyway it turned out I accidentally was executing the old tpop3d. Duh,
pardon me. It seems to be working at least from the openssl command line
test. Once I've had users try it I'll make an INSTALL.TLS doc or
something for my sins.
> mode where you establish the TLS connection as soon as the
> physical connection is established. It's not exactly
> obvious, is it?
This bit I did actually understand from the docs :)
I noticed that if tpop3d can't bind to all its ports it is merely a
warning not an error and the daemon doesn't exit. I was surprised by
this as I'd generally treat failure to bind as a hard error; is this
Paul Makepeace ....................................... http://paulm.com/
"If life is good, then will I really have to explain this to my
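An added example, not part of the thread or of tpop3d itself: a small Python probe that does what the telnet test above does by hand. A plaintext POP3 listener greets you with a readable "+OK" banner as soon as you connect; an immediate-TLS listener (tpop3d's tls=immediate) sends nothing until the client opens the TLS handshake. The probe reads first, and only if the server stays quiet does it try a TLS handshake and read the banner through it. Host, port and timeout values are assumptions; certificate verification is switched off because the point is only to learn which protocol the port speaks, not to trust the server.

```python
"""Tell an immediate-TLS POP3 listener from a plaintext one.

Added example (not tpop3d code). Assumed usage:
    python probe.py localhost 995
"""
import socket
import ssl
import sys


def classify_banner(first_bytes: bytes) -> str:
    """Classify the first bytes a server sends without being asked."""
    if first_bytes.startswith(b"+OK") or first_bytes.startswith(b"-ERR"):
        return "plaintext-pop3"        # readable greeting: no TLS on this port
    if first_bytes == b"":
        return "silent"                # nothing sent; TLS servers wait for ClientHello
    return "unknown"                   # something else entirely is listening


def probe_socket(sock: socket.socket, host: str = "localhost",
                 timeout: float = 2.0) -> str:
    """Probe an already-connected socket. Returns a short classification."""
    sock.settimeout(timeout)
    try:
        first = sock.recv(64)
    except OSError:                    # timeout: server sent no greeting
        first = b""
    if first:
        return classify_banner(first)

    # Server is quiet, so try to speak TLS to it. Verification is disabled on
    # purpose: a self-signed test certificate must not hide the answer.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
        banner = tls.recv(64).decode("ascii", errors="replace").strip()
        return "tls (" + banner + ")"  # e.g. "tls (+OK ... ready)"
    except OSError:                    # ssl.SSLError is an OSError; so is timeout
        return "silent"                # neither a banner nor a TLS handshake


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Connect to host:port and classify what is listening there."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock, host, timeout)


if __name__ == "__main__":
    target_host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 995
    print(target_host, target_port, "->", probe(target_host, target_port))
```

The "silent" result is the one to look at twice: it can mean the port does immediate TLS but the handshake failed (wrong certificate or protocol), or that something accepted the connection and never answered. Run it against both 995 and the plaintext port to see the two answers side by side.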