Plamen Petrov writes:
Sam Varshavchik wrote:Thanks! Another quick question then: is it possible for one to have both OpenSSL and GnuTLS side-by-side,Plamen Petrov writes:Hi, MrSam! I'm trying to switch Courier's plain communication with their TLS/SSL equivalents... Now, as I understand it, TLS is the best among them; next is SSL3, and last - SSL2. From what I've read, I understand there is some provisions for the newer protocols to fall back to the older ones. I understand it is not Courier's fault when I have errors like courieresmtpd: courieresmtpd: STARTTLS failed: couriertls: accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in the logs, but... What is the proper way to do things, concerning Courier and TLS/SSL?Is there a way to configure the fallback so instead of the above error in thelog, Courier would try TLS -> SSL3 -> SSL2 ?This is a limitation in OpenSSL. OpenSSL supports SSL3 with a fallback to SSL2, or TLS1. There is no facility in OpenSSL to have TLS with a fallback to SSL3.GnuTLS is more flexible, however GnuTLS does not implement SSL2 as it's considered an obsolete protocol. GnuTLS implements TLS 1.1, TLS 1.0 and SSL3 only, and you can have a full fallback capability between them.and tell Courier to use GnuTLS ?
GnuTLS support in Courier is relatively new and is only in the development build now. You must decide at compile time whether to use OpenSSL, or GnuTLS.
pgpaOuXyY8orX.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
