Sam Varshavchik wrote:
> Plamen Petrov writes:
>
>> Hi, MrSam!
>>
>> I'm trying to switch Courier's plain communication
>> with their TLS/SSL equivalents...
>> Now, as I understand it, TLS is the best among them;
>> next is SSL3, and last - SSL2.
>> From what I've read, I understand there are some provisions
>> for the newer protocols to fall back to the older ones.
>> I understand it is not Courier's fault when I have errors like
>> courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept:
>> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>> in the logs, but...
>> What is the proper way to do things, concerning Courier and TLS/SSL?
>> Is there a way to configure the fallback so instead of the above
>> error in the log, Courier would try TLS -> SSL3 -> SSL2 ?
>
> This is a limitation in OpenSSL. OpenSSL supports SSL3 with a fallback
> to SSL2, or TLS1. There is no facility in OpenSSL to have TLS with a
> fallback to SSL3.
>
> GnuTLS is more flexible, however GnuTLS does not implement SSL2 as
> it's considered an obsolete protocol. GnuTLS implements TLS 1.1, TLS
> 1.0 and SSL3 only, and you can have a full fallback capability between
> them.
>

Thanks!

Another quick question then: is it possible for one to have
both OpenSSL and GnuTLS side-by-side, and tell Courier to use GnuTLS ?

// me, opening browser to go look for info about GnuTLS....
--
Plamen Petrov, network administrator
Technical College - Silistra, RU "Angel Kantchev"
http://tk.ru.acad.bg/
--------------------------------
this message is UTF8 encoded
