On 2011-10-21 8:53 AM, Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> The SSLFailed cache in assp is a DoS prevention - there is no good reason
> to disable it - even not for private IPs.

Wasn't suggesting it should be disabled; I was suggesting that maybe refusing to continue to offer STARTTLS/SSL because of one temporary 'failure' (as happens when Thunderbird prompts the user to accept a self-signed cert) is not best practice.

Postfix, Exchange Server, web servers, etc., ALL continue to offer STARTTLS/SSL when using Thunderbird, so ASSP should do the same thing.

Maybe limit it to 5 failures, or something like that, but what it is doing now is bad practice.

-- 
Best regards,
Charles

_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
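
The trade-off discussed in this thread, as an added sketch that is not ASSP's code and was not written by either poster: a per-IP TLS failure cache that keeps the DoS protection but withholds STARTTLS only after a threshold of failures inside a time window. The threshold of 5 comes from the message above; the class and function names, the one-hour window and the `max_ips` bound are assumptions.

```python
import time
from collections import OrderedDict, deque


class TLSFailureCache:
    """Per-IP record of failed TLS handshakes with a threshold and expiry."""

    def __init__(self, threshold=5, window=3600.0, max_ips=10000):
        self.threshold = threshold  # failures tolerated before STARTTLS is withheld
        self.window = window        # seconds a failure keeps counting (assumed value)
        self.max_ips = max_ips      # bound memory so the cache is not itself a DoS vector
        self._failures = OrderedDict()  # ip -> deque of failure timestamps

    def _prune(self, ip, now):
        # Drop failures older than the window; return how many still count.
        stamps = self._failures.get(ip, deque())
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()
        if not stamps:
            self._failures.pop(ip, None)
        return len(stamps)

    def record_failure(self, ip, now=None):
        now = time.time() if now is None else now
        self._prune(ip, now)
        stamps = self._failures.setdefault(ip, deque(maxlen=self.threshold))
        stamps.append(now)
        self._failures.move_to_end(ip)
        while len(self._failures) > self.max_ips:
            self._failures.popitem(last=False)  # evict the least recently failing IP

    def record_success(self, ip):
        # A completed handshake shows the client can do TLS; forget old failures.
        self._failures.pop(ip, None)

    def offer_starttls(self, ip, now=None):
        now = time.time() if now is None else now
        return self._prune(ip, now) < self.threshold


def replay(events, cache):
    """Replay (time, ip, kind) events; return the offer decision made before each."""
    decisions = []
    for now, ip, kind in events:
        decisions.append(cache.offer_starttls(ip, now))
        if kind == "fail":
            cache.record_failure(ip, now)
        elif kind == "ok":
            cache.record_success(ip)
    return decisions
```

A single aborted handshake, such as a client waiting on a certificate prompt, leaves STARTTLS on offer at the next connection, while a client that keeps failing is cut off until its failures age out of the window.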
