Okay, we just got bitten by the Eudora 5.x STARTTLS problem that was
discussed last month.  We have the same problem where only those clients
cannot negotiate a TLS connection properly, and thus fail to log in at
all.  So...

Ken suggested removing or commenting out the following lines:

  if (tlsonly) {
      off |= SSL_OP_NO_SSLv2;
      off |= SSL_OP_NO_SSLv3;
  }

I am wondering exactly what effect this will have on us... how does this
affect clients that *do* TLS just fine, such as Mulberry, for instance?
Would the other clients still use TLS and Eudora use SSLv3?

For my next question, I am curious if there is a way to turn off the
STARTTLS capability on the main imap port, but still allow the use of
the alternate IMAP SSL port.  I don't see this capability in the server,
appearing to be an all or nothing type thing based on the tls options
listed in the imapd.conf file.  Using stunnel to wrap imap on an imaps
port is not really an option here, but I know that is one way to do it.

Thanks,
Scott
--
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:[EMAIL PROTECTED]
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
     CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979
