Sam Varshavchik wrote:
Plamen Petrov writes:
Hi, MrSam!
I'm trying to switch Courier's plain communication
with their TLS/SSL equivalents...
Now, as I understand it, TLS is the best among them;
next is SSL3, and last - SSL2.
From what I've read, I understand there is some provisions
for the newer protocols to fall back to the older ones.
I understand it is not Courier's fault when I have errors like
courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
in the logs, but...
What is the proper way to do things, concerning Courier and TLS/SSL?
Is there a way to configure the fallback so instead of the above
error in the
log, Courier would try TLS -> SSL3 -> SSL2 ?
This is a limitation in OpenSSL. OpenSSL supports SSL3 with a fallback
to SSL2, or TLS1. There is no facility in OpenSSL to have TLS with a
fallback to SSL3.
GnuTLS is more flexible, however GnuTLS does not implement SSL2 as
it's considered an obsolete protocol. GnuTLS implements TLS 1.1, TLS
1.0 and SSL3 only, and you can have a full fallback capability between
them.
Thanks! Another quick question then: is it possible for one to have both
OpenSSL and GnuTLS side-by-side,
and tell Courier to use GnuTLS ?
// me, opening browser to go look info about GnuTLS....
--------------------------------
this message is UTF8 encoded
4 messages in net.sourceforge.lists.courier-usersRe: [courier-users] Courier + TLS/SSL...
