Am Mittwoch, 15. Februar 2006 19:54 schrieb Ben:
Am I missing something obvious, or asking the impoosible?
It would not make much sense probably even is impossible:
I don't know if IMAP supports something like SMTP's STARTTLS where you can "convert" a plain channel to an SSL protected one. (At least that's how I understood it.)
Using IMAPS the SSL channel is already established before authenticating, so how should dovecot be able to select the right certificate?
If there is something like STARTTLS you would have to switch to SSL after sending the login name but before sending the passwort, which probably is not supported and which would reveal the login name to any attacker anyhow...
That's basically the same reasons why there can't be different https sites on the same host. (IP/port combination to be precise.)
Greetings,
Gunter
-- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 43) Java: Internetcafe (Peter Berlich) -- http://www.iks-jena.de/mitarb/lutz/usenet/Fachbegriffe.der.Informatik.htm l#43 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+PGP-verschlüsselte Mails bevorzugt! +