On Thursday 03 January 2008 22:00:15 Jay Lee wrote:
> I had to put SSL23 for ALL of these in order to get the errors to stop.

Great, thanks for the tip.

> YMMV and you should of course test this out before using it in production.

In a perfect world, yes :)

> The problem is that OpenSSL apparently does not allow TLS sessions to fall
> back to SSL3 which some mail servers/clients use instead of TLS (I think I
> got that right). Sam has taken the step of allowing GnuTLS to replace
> OpenSSL for SSL/TLS support. GnuTLS is capable of falling back to SSL so it
> should also solve these issues for you but again, I would test this before
> putting it in production. Last I heard, GnuTLS is significantly slower at
> encryption than OpenSSL.

I have used the SSL ports 465, 993 and 995 for years but I still have no
idea what, where and how TLS fits into the picture. In fact I end up in a
world of pain every time I have anything to do with TLS.

Anyhow, I tried this on a server for the last hour with zero STARTTLS
errors (100 per hour previously) and all else seems well so, again,
thanks for the tip and TLS info.

courierd:TLS_PROTOCOL=SSL23
esmtpd-ssl:TLS_PROTOCOL=SSL23
esmtpd:TLS_PROTOCOL=SSL23
imapd-ssl:TLS_PROTOCOL=SSL23
imapd-ssl:TLS_STARTTLS_PROTOCOL=SSL23
pop3d-ssl:TLS_PROTOCOL=SSL23
pop3d-ssl:TLS_STARTTLS_PROTOCOL=SSL23

--markc

_______________________________________________
courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
