On Sun, 2014-05-04 at 14:51 -0400, Sam Varshavchik wrote:
> Lindsay Haisley writes:
> 
> > So it looks as if the issue here is that courier is using only SSL/TLS
> > v2 or v3.  If I spec TLS v1 to couriertls I get, with no errors:
> >
> > # TLS_VERIFYPEER=NONE TLS_PROTOCOL=TLS1 couriertls -host=mx.nv.net -port=25 -protocol=smtp -printx509=2
> 
> The setting is TLS_PROTOCOL=TLSv1 in the current version.

Courier, as distributed with Ubuntu 12.04 LTS, is at 0.66.1.  That's
probably not a "current version".

> TLS_PROTOCOL is used for OpenSSL only. 

The config file comments appear to specify syntax for both GnuTLS and
OpenSSL, although this isn't clear.

##NAME: TLS_PROTOCOL:0
# 
# TLS_PROTOCOL sets the protocol version.  The possible versions are:
#
# OpenSSL:
#
# SSL3 - SSLv3
# SSL23 - either SSLv2 or SSLv3 (also TLS1, it seems)
# TLS1 - TLS1
#
# Note that this setting, with OpenSSL, is modified by the TLS_CIPHER_LIST
# setting, below.
#
# GnuTLS:
#
# SSL3   - SSLv3
# TLS1   - TLS 1.0
# TLS1_1 - TLS 1.1
#
# When compiled against GnuTLS, multiple protocols can be selected as follows:
#
# TLS_PROTOCOL="TLS1_1:TLS1:SSL3"
#
# DEFAULT VALUES:
#
# SSL23 (OpenSSL), or "TLS_1:TLS1:SSL3" (GnuTLS)

TLS_PROTOCOL isn't explicitly set so Courier is using the default.

> The settings in the courierd file are  
> used when Courier is sending mail, the other two when it's the server,  
> receiving mail.

OK.  Thanks for the insight on this.  And thanks also to Hanno Böck for
his very informative summary.

> The next time I have some free time, I'll rebuild Courier to use GnuTLS and  
> see if it can talk to that capricious server, by default.

-- 
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |

