[Dovecot] SSL and STARTTLS
I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically).
e.g.:
# IP or host address where to listen in for SSL connections. Defaults
# to above non-SSL equilevants if not specified.
imaps_listen = *:xxxx
pop3s_listen = *:yyyy
# Disable SSL/TLS support.
ssl_disable = no
Is there a way to enable imaps/pop3s without enabling STARTTLS?
(If so it's probably blindingly obvious and I am missing it..)
Yours, mm
Mark E. Mallett wrote :
> I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically).
Maybe, it is the role of the client to disable this automatic use of STARTTLS.
-- DINH V. Hoa,
etPan! - newsreader, mail user agent -- http://libetpan.sf.net/etpan
On Tue, Jan 06, 2004 at 07:05:55PM +0100, DINH Viet Hoa wrote:
> Mark E. Mallett wrote :
> > I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically).
> Maybe, it is the role of the client to disable this automatic use of STARTTLS.
Yes, that is a restatement of the problem. I think I wasn't very clear though. I want to enable imaps and pop3s on alternate ports for a few people to test SSL access (and certificate recognition et al), but disallow STARTTLS on the standard imap port (not on the alternate port) so that all the users who are *not* explicitly accessing the test imaps port do not get exposed to the SSL stuff by accident.
mm
On Tue, 2004-01-06 at 18:00, Mark E. Mallett wrote:
> Is there a way to enable imaps/pop3s without enabling STARTTLS?
With CVS code you would be able to do it by creating another "server configuration" with SSL enabled in different port. With current code you'd have to run another dovecot process completely with different config file.
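Added example, not part of any message in this thread and not Dovecot code: a check that a cleartext listener no longer advertises an in-band TLS upgrade, which is the outcome asked for above once SSL has been moved to a separate instance. It goes beyond the thread by also handling POP3's STLS; port 1143 and all sample responses are constructed.

```python
import re

# TLS-upgrade capability token per protocol (IMAP: STARTTLS, POP3: STLS).
UPGRADE = {"imap": "STARTTLS", "pop3": "STLS"}

def capabilities(proto, response):
    """Return the upper-cased capability tokens found in a raw server response."""
    caps = set()
    if proto == "imap":
        # Either an untagged "* CAPABILITY ..." line or a "[CAPABILITY ...]"
        # response code inside the greeting.
        pattern = r"(?:^\* |\[)CAPABILITY ([^\]\r\n]*)"
        for m in re.finditer(pattern, response, re.I | re.M):
            caps.update(tok.upper() for tok in m.group(1).split())
    else:
        # POP3 CAPA: "+OK" line, one capability per line, terminated by ".".
        lines = response.splitlines()
        if lines and lines[0].upper().startswith("+OK"):
            for line in lines[1:]:
                if line == ".":
                    break
                if line.strip():
                    caps.add(line.split()[0].upper())
    return caps

def offers_tls_upgrade(proto, response):
    # Whole-token match, so a value such as "X-STARTTLS-INFO" does not count.
    return UPGRADE[proto] in capabilities(proto, response)

def audit(observed):
    """observed maps (proto, port) of a cleartext listener to its raw response.
    Returns the listeners that still advertise an in-band TLS upgrade."""
    return sorted(k for k, r in observed.items() if offers_tls_upgrade(k[0], r))

# Constructed sample responses, not captured from a real server.
SAMPLES = {
    ("imap", 143): "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready.\r\n",
    ("imap", 1143): "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK done.\r\n",
    ("pop3", 110): "+OK\r\nTOP\r\nUIDL\r\nstls\r\n.\r\n",
}

if __name__ == "__main__":
    for proto, port in audit(SAMPLES):
        print(f"{proto} port {port} advertises {UPGRADE[proto]}")
```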
participants (3): DINH Viet Hoa, Mark E. Mallett, Timo Sirainen