On 03.05.2016, Tue at 09:40 -0700, li...@lazygranch.com wrote:
> I suspect you wouldn't want s2s to use a self signed cert, so
> allowing two levels of verification (c2s and s2s) sounds complex. You
> fix one thing in software and you break something else.

So, why would you allow self-signed on C2S? Why do you want to use encryption in the first place? So, no one is able to read the conversation, right? But a self-signed cert does not give you this... Just a false illusion that you are protected from eavesdropping. But self-signed does not protect you from a man-in-the-middle attack, so basically anyone able to tap the wire your transmission is going through is still able to read it, with just slightly more effort.

> I noticed the online documentation doesn't completely match the xml,
> but there are enough comments in the xml that I could get close to
> setting it up. It is just the certs that are confusing.

Yeah. The real and up-to-date source of documentation is the comments in the configuration files.

-- 
 /o__
(_<^' Practice is the best of all instructors.