> Note, the above is for enforcing STARTTLS on the server. If the > decision is left to the client, the configuration is less opaque.
And less secure. :) If policy is to use SSL/TLS, then the server must enforce it; trusting the clients to do the right thing is bad. /r$ -- Principal Security Engineer Akamai Technology Cambridge, MA ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org