On 1/3/08, Mark Constable <[EMAIL PROTECTED]> wrote:
>
> courierd:TLS_PROTOCOL=TLS1
> esmtpd-ssl:TLS_PROTOCOL=SSL23
> esmtpd:TLS_PROTOCOL=TLS1
> imapd-ssl:TLS_PROTOCOL=SSL23
> imapd-ssl:TLS_STARTTLS_PROTOCOL=TLS1
> pop3d-ssl:TLS_PROTOCOL=SSL23
> pop3d-ssl:TLS_STARTTLS_PROTOCOL=TLS1

I had to put SSL23 for ALL of these in order to get the errors to stop.
YMMV and you should of course test this out before using it in production.
The problem is that OpenSSL apparently does not allow TLS sessions to fall
back to SSL3 which some mail servers/clients use instead of TLS (I think I
got that right). Sam has taken the step of allowing GnuTLS to replace
OpenSSL for SSL/TLS support. GnuTLS is capable of falling back to SSL so it
should also solve these issues for you but again, I would test this before
putting it in production. Last I heard, GnuTLS is significantly slower at
encryption than OpenSSL.
Jay
--
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users