how are 'sasl_minimum_layer' & TLS related/dependent?

Sat, 08 Oct 2005 22:48:29 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hi all,

i'm connecting to my cyrus-imap 2.2.12-cvs server on OSX 10.4.2 with a 
Thunderbird v107 client.

i've configured for TLS use, with imapd.conf including:

        sasl_minimum_layer:     128
        sasl_mech_list:         PLAIN
        allowplaintext:         no

i can login successfully, & my TBird protocol log shows TLS 'protection':

        40102400[5160f90]: 
2330600:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls
protection)

per a long-ago post:

        Re: is TLS/SSL selection/connection ONLY via port 993?
        http://www.irbs.net/internet/info-cyrus/0411/0216.html
        from: Henrique de Moraes Holschuh

my understanding was that 'sasl_minimum_layer' >= 64 (128?) was *REQUIRED* for 
TLS protection ...


BUT, my config _seems_ to be insenitive to it.

if i change my imapd.conf entry to:

        sasl_minimum_layer:     0

i would have expected the connect to fail, but i *still* get TLS enabled:

        38991872[53b89c0]: 
26a2c00:mail.testdomain.com:NA:CreateNewLineFromSocket: 1 OK Success (tls
protection)

### QUESTION: ###
what *is* the relationship/dependency of sasl_minimum_layer & TLS?


one 'suspect' ... to connect via TLS, TBird *requires* the following setup:

        Account Settings>(this account)>Server Settings
                Server Type: IMAP Mail Server
                Server Name: {mail.testdomain.com}
                Port: {993} Default: 993

                [x] Use secure connection (SSL)
                [ ] Use secure authentication

that "Use secure connection (SSL)" *must be checked ...

per that earlier referenced post:

        "imapd -s is for IMAP connections that are externally wrapped by SSL 
(bad).
        imapd is for non-encrypted IMAP connections, and IMAP connections that 
use
        TLS (good)."

is there, perhaps, an 'issue' with the port993 use defaulting to some 
minimum_layer strength
despite my imapd.conf setting?

confused here ... any insight would be much appreciated!

thx!

richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (Darwin)

iEYEAREDAAYFAkNIq/sACgkQGnqMy4gvZ6FikwCeLjo/kaRQTuJQtORNwnmqO410
FEQAnisM89Wzdr6ukQ+DaZBUVrL8QOgq
=uI3P
-----END PGP SIGNATURE-----

----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to