[tpop3d-discuss] TLS status

Paul Makepeace beasts.org at paulm.com
Tue, 29 Jul 2003 20:08:22 +0100

On Tue, Jul 29, 2003 at 02:55:28PM +0100, Chris Lightfoot wrote:
> On Tue, Jul 29, 2003 at 02:50:56PM +0100, Paul Makepeace wrote:
> > On Tue, Jul 29, 2003 at 02:23:40PM +0100, Chris Lightfoot wrote:
>     [ the joy of SSL ]
> > > > experimentation.
> > > 
> > > The stuff is documented in the latest man pages.
> > 
> > Hmm, I have :
> > 
> > listen-address:;tls=immediate,certificate=/etc/mail/cert

** That should in fact not have the "certificate=" bit.

> > 
> > And yet when I telnet to 995 I get intelligible text which is not what
> > I'd expect from an "immediate" connection.
> No, that's what you should expect -- tpop3d is sending the
> first bit of TLS negotiation bumf, which is not human

I did say /intelligible/, i.e. I can read it, viz:

$ telnet localhost 995
Connected to localhost.
Escape character is '^]'.
+OK <79ac204b6550fc1a31f0957ace4cd1db@mythix>
telnet> close
Connection closed.

Anyway it turned out I accidently was executing the old tpop3d. Duh,
pardon me. It seems to be working at least from the openssl command line
test. Once I've had users try it I'll make a INSTALL.TLS doc or
something for my sins.

> mode where you establish the TLS connection as soon as the
> physical connection is established. It's not exactly
> obvious, is it?

This bit I did actually understand from the docs :)

I noticed that if tpop3d can't bind to all its ports it is merely a
warning not an error and the daemon doesn't exit. I was surprised by
this as I'd generally treat failure to bind as a hard error; is this


Paul Makepeace ....................................... http://paulm.com/

"If life is good, then will I really have to explain this to my
   -- http://paulm.com/toys/surrealism/