Hi Niclas! niclas schrieb: > I can confirm that SSL23 doesn't work on my system, only SSL2 does, at > least with some clients. The problem seems to be a handshaking / > SSL-hello problem which affects STARTTLS-connections also.
If you set "SSL2" you have to be aware, that some other clients (those not using a SSL2.0 compatible handshake) will fail. This especially affects all mail clients using GnuTLS as their SSL/TLS implementation. > So I tried out different settings for TLS_STARTTLS_PROTOCOL: > > - SSL2 works without forcing anything. > - SSL23 works only if -tls1 is forced! (why?) > - SSL3 works without forcing. > - TLS1 works if forced (as said). In case courier does not understand the setting (e.g. in case of 0.56.0 which does not know "SSL23") it interprets it as TLS1. This should explain why you have to force tls if you set SSL23. > I tried openssl s_client -connect host:993 with: the GnuTLS test command (to test if you configuration works with this SSL implementation as well) is: gnutls-cli server.domain -p 993 .. which will not work when set to "SSL2". Matthias ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
