Dear James Devs, I tried to implement STARTTLS in James v.2.3.1 SMTP server. At the beginning it seemed a big deal! Looking at the very simple class architecture of James and its great modularity, things went more and more feasible. At the end with a few lines of code I obtained a base STARTTLS running with Outlook and Thunderbird. Please find attached the five classes involved in the experiment and a short readme.
I submit this code for discussion. Thanks and regards, Pietro
What is it?
-----------

This is a preliminary feasibility study to implement STARTTLS within JAMES Server v.2.3.1. The scope is to understand the approach to add this feature to James keeping safe the James/Avalon logic.

The STARTTLS must be managed at the application layer (SMTP) since the SMTP behaviour is dependent on the status of STARTTLS, e.g. the knowledge achieved before the STARTTLS command must be discarded; a server MUST NOT return the TLS extension in response to an EHLO command received after a TLS handshake has completed.

The simple idea is: upon receipt of the STARTTLS command, upgrade the plain socket to TLS secured mode, discard any SMTP knowledge, and return again the extensions supported (excl. STARTTLS).

The experiment involves 5 classes:

  EhloCmdHandler: now returns the TLS extension in response to an EHLO command (if TLS is not already active)
  SMTPSession: a new get method isTlsStarted(), a new method secure() to upgrade the plain socket to TLS secured mode
  SMTPHandler: implements isTlsStarted() and secure()
  SMTPHandlerChain: just adds a new handler for the new STARTTLS command
  StartTlsCmdHandler: new class implementing the base logic of STARTTLS

A preliminary test has shown that it works with Outlook and Thunderbird (note: the Sun JCE implementation must be loaded).

I'm not so sure the auth logic is discarded after STARTTLS. The initialization of the security material within the SMTPHandler is not acceptable. Configuration issues have been ignored in this experiment.

Thanks.
Pietro Romanazzi
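An added illustration of the session rules the readme describes (it is not Pietro's attached code and not part of James): EHLO stops advertising STARTTLS once TLS is active, and everything learned before the handshake, including an authenticated user, is dropped. The class name, fields, host names and the 503 reply to a repeated STARTTLS are assumptions made for this sketch; upgrade() shows the standard JSSE calls for wrapping an existing socket and is not invoked by main(), which replays a constructed command sequence without a network.

```java
import java.io.IOException;
import java.net.Socket;
import java.util.*;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added sketch, not James code: all names in this class are hypothetical.
public class StartTlsSessionSketch {
    private boolean tlsStarted; // what isTlsStarted() would report
    private String heloName;    // knowledge learned from EHLO
    private String authUser;    // knowledge learned from AUTH

    // Wraps an already connected plain socket in TLS, acting as the server end.
    static SSLSocket upgrade(Socket plain, SSLContext ctx) throws IOException {
        SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(
                plain, plain.getInetAddress().getHostAddress(), plain.getPort(), true);
        tls.setUseClientMode(false);
        tls.startHandshake();
        return tls;
    }

    List<String> handle(String line) {
        List<String> out = new ArrayList<>();
        String verb = line.trim().split("\\s+")[0].toUpperCase();
        if (verb.equals("EHLO")) {
            heloName = line.trim().substring(4).trim();
            out.add("250-mail.example.test");         // constructed host name
            if (!tlsStarted) out.add("250-STARTTLS"); // not offered once TLS is up
            out.add("250 AUTH LOGIN PLAIN");
        } else if (verb.equals("STARTTLS")) {
            if (tlsStarted) { out.add("503 TLS already active"); return out; }
            out.add("220 Ready to start TLS"); // sent in the clear, before the handshake
            // A real handler would call upgrade(socket, ctx) here and swap its streams.
            tlsStarted = true;
            heloName = null; // discard everything learned before the handshake,
            authUser = null; // including any authenticated identity
        } else {
            out.add("500 Unrecognized command");
        }
        return out;
    }

    public static void main(String[] args) {
        StartTlsSessionSketch s = new StartTlsSessionSketch();
        s.authUser = "pre-tls-user"; // constructed: state set before STARTTLS
        String[] cmds = {"EHLO client.example.test", "STARTTLS", "EHLO client.example.test", "STARTTLS"};
        for (String cmd : cmds) {
            System.out.println("C: " + cmd);
            for (String r : s.handle(cmd)) System.out.println("S: " + r);
        }
        System.out.println("authUser after STARTTLS: " + s.authUser);
    }
}
```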
