Plamen Petrov writes:
Hi, MrSam!I'm trying to switch Courier's plain communication with their TLS/SSL equivalents... Now, as I understand it, TLS is the best among them; next is SSL3, and last - SSL2. From what I've read, I understand there is some provisions for the newer protocols to fall back to the older ones. I understand it is not Courier's fault when I have errors like courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in the logs, but... What is the proper way to do things, concerning Courier and TLS/SSL?Is there a way to configure the fallback so instead of the above error in thelog, Courier would try TLS -> SSL3 -> SSL2 ?
This is a limitation in OpenSSL. OpenSSL supports SSL3 with a fallback to SSL2, or TLS1. There is no facility in OpenSSL to have TLS with a fallback to SSL3.
GnuTLS is more flexible, however GnuTLS does not implement SSL2 as it's considered an obsolete protocol. GnuTLS implements TLS 1.1, TLS 1.0 and SSL3 only, and you can have a full fallback capability between them.
pgpYswecSGqfq.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
