[Dovecot] Protocol logging - TLS vs SSL
Charles Marcus
CMarcus at Media-Brokers.com
Wed Feb 27 15:43:49 EET 2013
Ok, this really will be my last email on the subject...
On 2013-02-26 3:20 PM, Timo Sirainen <tss at iki.fi> wrote:
> Technically you're almost definitely using the TLS protocol (it has nothing to do with ports). http://wiki2.dovecot.org/SSL has some info about Dovecot's naming. (Of course, in Dovecot it's somewhat confusing since the config files use SSL but the logs use TLS.. uhm..)
Ok, I think I understand now, thanks Timo..
So, since (apparently) the 'new' correct term is TLS, why not change all
of dovecots documentation (including the wiki) and the config code/files
to reference it correctly? Not doing so, in my opinion, just perpetuates
the confusion.
So, add the new tls/tls_ settings, keep the old ssl/ssl_ settings for
backwards compat, document this clearly everywhere, especially on the
wiki, and let doveconf -[d][n] output show explanatory text that the
older ssl/ssl_ settings are deprecated in favor of the new tls/tls_
settings whenever someone is using them.
Dovecot's wiki page could then be a good general reference for
de-confusing others (like me)... ;)
Also - I'd be very much in favor of the logging the precise version of
TLS that is being used - ie, TLS_1.#, rather than just the generic 'TLS'.
On 2013-02-26 5:10 PM, Noel <noeldude at gmail.com> wrote:
> This is just a dumbing-down of the terms for the mass market.
> <snip> Anyone who's confused by this is trying too hard. It's really
> all TLS.
Yeah, I figured that all out now, thanks to the gentle prodding by Reindl.
Thanks Noel. Fwiw, I really hate ambiguity (especially with respect to
things technical), so this will always bother me, but not much I can do
about it. At least now I know.
And I just noticed that Thunderbird actually does it right (although it
should be TLS/SSL, not SSL/TLS, since TLS is the 'new/correct' term)...
cool...
On 2013-02-26 5:28 PM, Ben Morrow <ben at morrow.me.uk> wrote:
> I'm generally against gratuitous changes for no good reason.
Me too... but I don't see a change that makes dovecot use the *correct*
terminology for TLS/SSL in both its documentation and logging as
'gratuitous change', but that is just me. If you really do, then I guess
we'll just have to agree to disagree.
--
Best regards,
*/Charles/*
More information about the dovecot
mailing list