Re: [courier-users] courier TLS_PROTOCOL compatibility
This is a discussion on Re: [courier-users] courier TLS_PROTOCOL compatibility within the Courier-Imap forums, part of the Mail Servers and Related category; This is a MIME GnuPG-signed message. If you see this text, it means that your E-mail or Usenet ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-11-2008
|
|||
|
|||
Re: [courier-users] courier TLS_PROTOCOL compatibility
This is a MIME GnuPG-signed message. If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages. The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards. --===============0437597432== Content-Type: multipart/signed; boundary="=_mimegpg-commodore.email-scan.com-10163-1205194208-0001"; micalg=pgp-sha1; protocol="application/pgp-signature" This is a MIME GnuPG-signed message. If you see this text, it means that your E-mail or Usenet software does not support MIME signed messages. The Internet standard for MIME PGP messages, RFC 2015, was published in 1996. To open this message correctly you will need to install E-mail or Usenet software that supports modern Internet standards. --=_mimegpg-commodore.email-scan.com-10163-1205194208-0001 Content-Type: text/plain; format=flowed; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Gordon Messmer writes: > I spent some time this afternoon doing compatibility testing with=20 > Courier's TLS_PROTOCOL settings, with both OpenSSL and GnuTLS libraries= ..=C2=A0=20 > The tables that follow detail the results that I observed.=C2=A0 GnuTLS = got=20 > somewhat less testing than OpenSSL.=C2=A0 If someone else wants to test = GnuTLS=20 > against sendmail, that would be quite useful. I can't read your HTML tables, but that's not important. The TLS settings=20 map directly into OpenSSL (or GnuTLS) library calls. So, this is a questi= on=20 of choosing the appropriate OpenSSL configuration. TLS_PROTOCOL translates directly into SSLv3_method(), SSLv23_method() or=20 TLSv1_method(), which initialize an SSL context structure. Then,=20 TLS_CIPHER_LIST is passed directly to SSL_CTX_set_cipher_list(). Someone=20 else mentioned the other day that there are certain=20 SSL_CTX_set_cipher_list() keywords that seem to override the initial cont= ext=20 settings. Try the following. Try setting TLS_PROTOCOL to SSL23, and TLS_CIPHER_LIST = to=20 "SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:!NULL@S TRENGTH", and see what=20 happens, vis-a-vis interoperability. --=_mimegpg-commodore.email-scan.com-10163-1205194208-0001 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQBH1c3gx9p3GYHlUOIRAlOLAJoDkBGZGNWlCMsudwZ7w6 ycFugyVgCdHhm7 AW5gUxHl1ZQJWhR7xkvHXK8= =bW99 -----END PGP SIGNATURE----- --=_mimegpg-commodore.email-scan.com-10163-1205194208-0001-- --===============0437597432== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ --===============0437597432== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/.../courier-users --===============0437597432==-- 
|
Linear Mode
