On Wed, 2004-02-18 at 01:42, Andreas Aardal Hanssen wrote: > On Tue, 17 Feb 2004, Jeremy Kitchen wrote: > >I'm not trying to sway anyone from using binc's built in ssl stuff, just > >trying to stir up some conversation about this, get some opinions. > > One reason is that Binc IMAP supports STARTTLS, which allows admins to > provide both plain text and SSL enabled IMAP over port 143 (single port, > single firewall hole), and ucspi-ssl doesn't support this.
true, although starttls I'm not really worried about. I assume that binc running with --ssl as in the /opt/bincimap/var/service/imaps/run script wraps the entire connection after it is created, no? > Another reason is that Binc IMAP doesn't depend on anything other than the > OpenSSL libraries, which makes it easier to install and maintain. Given > the SSL certificate and private key, which you need anyway, it's just a > single tcp-wrapped IMAP server that gives you what you need. quick question there.. are the ssl libraries statically linked or loaded as shared objects? I don't want to have to recompile binc (takes FOREVER :P) every time I update ssl, which to be honest, is pretty rare, but I'm sure it will happen at some point. > Now, for admins who prefer not to have explicit SSL support in Binc but > rather use an SSL enabled (port 993) wrapper like stunnel or ucspi-ssl, > compiling --without-ssl removes every single line of SSL from bincimap-up, > so they should be happy too. I was mainly wondering for performance/reliability issues. considering it's imap, it can potentially be a long running daemon, and I'm always concerned about the stability/reliability of such long running daemons :) Thanks for the input though. I think I'll just make it consistent and use ucspi-ssl for wrapping the services (I'm already using it to wrap smtp and pop3) Cheers! :) -Jeremy -- Jeremy Kitchen Systems Administrator [EMAIL PROTECTED] Kitchen @ #qmail on EFNet - Join the party! ..................... Inter7 Internet Technologies, Inc. www.inter7.com 866.528.3530 toll free 847.492.0470 int'l 847.492.0632 fax GNUPG key ID: 93BDD6CE
