Gordon Messmer writes:
I spent some time this afternoon doing compatibility testing with Courier's TLS_PROTOCOL settings, with both OpenSSL and GnuTLS libraries. The tables that follow detail the results that I observed. GnuTLS got somewhat less testing than OpenSSL. If someone else wants to test GnuTLS against sendmail, that would be quite useful.
I can't read your HTML tables, but that's not important. The TLS settings map directly into OpenSSL (or GnuTLS) library calls. So, this is a question of choosing the appropriate OpenSSL configuration.
TLS_PROTOCOL translates directly into SSLv3_method(), SSLv23_method() or TLSv1_method(), which initialize an SSL context structure. Then, TLS_CIPHER_LIST is passed directly to SSL_CTX_set_cipher_list(). Someone else mentioned the other day that there are certain SSL_CTX_set_cipher_list() keywords that seem to override the initial context settings.
Try the following. Try setting TLS_PROTOCOL to SSL23, and TLS_CIPHER_LIST to "SSLv3:TLSv1:!SSLv2:HIGH:!LOW:!MEDIUM:!EXP:[EMAIL PROTECTED]", and see what happens, vis-a-vis interoperability.
pgp0nU1nH2PHJ.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
