--On Friday, October 19, 2001 5:18 PM +0300 Leena Heino <[EMAIL PROTECTED]> wrote:
> On Fri, 19 Oct 2001, Scott Adkins wrote:
>
>> Okay, we just got bitten by the Eudora 5.x STARTTLS problem that was
>> discussed last month. We have the same problem where only those clients
>> cannot negotiate a TLS connection properly, and thus fail to log in at
>> all. So...
>>
>> Ken suggested removing or commenting out the following lines:
>>
>>     if (tlsonly) {
>>         off |= SSL_OP_NO_SSLv2;
>>         off |= SSL_OP_NO_SSLv3;
>>     }
>>
>> I am wondering exactly what effect this will have on us... how does this
>> affect clients that *do* TLS just fine, such as Mulberry, for instance?
>> Would the other clients still use TLS and Eudora use SSLv3?
>>
> I've commented out the above lines as Ken suggested and then tried the
> STARTTLS with pine4.40 and it seems to work nicely.

Right... but that doesn't exactly answer my question. I know I have a deep
lack of understanding of SSL and how it works. In a nutshell, I want to know
if, by commenting out the lines above, the email clients will end up using a
weaker algorithm for encryption than what would normally be used.

Is TLS a method of choosing an SSL protocol for encryption? Or is it another
method of encrypting, like SSLv2 and SSLv3?

I guess I need to dig up all the docs on this stuff and read it... but time is
always a problem.

Scott
--
+-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
 Scott W. Adkins              http://www.cns.ohiou.edu/~sadkins/
 UNIX Systems Engineer        mailto:[EMAIL PROTECTED]
 ICQ 7626282                  Work (740)593-9478 Fax (740)593-1944
+-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
 CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979