I've just had to turn off STLS on our Courier-IMAP server after migrating a userbase which includes Outlook Express users.
It seems that these users have been unable to login, and the problem was fixed when we turned off STLS. (NB this information is third-hand via customer facing staff, and may be subject to the usual Chinese Whispers) At a guess though, I'd guess it's something to do with different versions of TLS - i.e. the same problem I had with 'fetchmail' until I configured it to use TLS1 instead of SSL. Perhaps old OE versions only supported SSLv2. This is a bit of a heads-up really, although I would like to know if anyone knows how HTTPS deals with this problem: i.e. is there a reliable negotiation mechanism for SSL2/SSL3/TLS1? If so, how does it work, and is it applicable to POP3 STLS? (RFC2246 section E has some info, and talks about a TLS1 client talking to an SSL2 server, but I don't see the other way round being dealt with explicitly) Cheers, Brian. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
