Re: [courier-users] OpenSSL crash with STARTTLS in Courier

Sun, 04 May 2014 11:57:46 -0700 

On Sun, 04 May 2014 13:05:30 -0500
Lindsay Haisley <fmouse-cour...@fmp.com> wrote:

> So it looks as if the issue here is that courier is using only SSL/TLS
> v2 or v3.  If I spec TLS v1 to couriertls I get, with no errors:

There is no TLS v2 or v3 (only "legacy" SSL v2/3, but that's not used
in SMTP, because it doesn't know stattls). The later versions are
numbered TLS v1.1 and v1.2.


> I'd like to configure courier to use TLS1 as a fallback in cases such
> as this.  Is this possible? 

This is possible and it is the default. Courier also does that. Every
TLS app that conforms to standards does that.

Usually what happens is something like this:
* Client: "Server, I'd like to connect with TLS 1.2"
* Server: "Sorry, I can't do that, let's use TLS 1.0"
* Client: "Okay, let's use TLS 1.0"

Now what happens sometimes is that servers are unable to proceed if
they're connected with a tls version they don't support. So they don't
answer at all. As far as I can remember, the Facebook-API had such a
problem when TLS 1.2 first appeared in openssl.

However, this is always a bug on the server side. Every correct
implementation of TLS 1.0 can handle this gracefully.
So mx.nv.net is using broken hardware or software. Tell them. There's
nothing you can do about it except not supporting newer and better
crypto standards (which really should not be an option if you're
serious).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42

Attachment: signature.asc
Description: PGP signature

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to