[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Auto plugged off?

To: Ian D. Leroux <idleroux@fastmail.fm>
Subject: Re: Auto plugged off?
From: Randy Bush <randy@psg.com>
Date: Mon, 28 Jun 2010 10:50:24 +0900
Cc: wl-en@lists.airs.net
Delivered-to: wl-en@lists.airs.net
In-reply-to: <m2oceweyrn.wl%randy@psg.com>
List-help: <mailto:wl-en-ctl@lists.airs.net?body=help>
List-id: wl-en.lists.airs.net
List-owner: <mailto:wl-en-admin@lists.airs.net>
List-post: <mailto:wl-en@lists.airs.net>
List-software: fml [fml stable 20011102.2100]
List-unsubscribe: <mailto:wl-en-ctl@lists.airs.net?body=unsubscribe>
References: <1277567950.23826.1382019081@webmail.messagingengine.com> <4c263bed.201b8f0a.231a.51e5@mx.google.com> <1277587953.29151.1382045185@webmail.messagingengine.com> <4c26ea2f.0b698d0a.4185.ffff8698@mx.google.com> <87fx083an4.wl%idleroux@fastmail.fm> <m24ogogpml.wl%randy@psg.com> <m2vd94f5mx.wl%randy@psg.com> <87y6e00zy3.wl%idleroux@fastmail.fm> <m2oceweyrn.wl%randy@psg.com>
Reply-to: wl-en@lists.airs.net
User-agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)

again, being an smtp relay

randy

---

there are a few technical differences:

- the verify level (see stunnel(8)) lets you choose whether to do (1)
  opportunistic cert verification, (2) cert verification from a trust
  anchor, or (3) cert verification that must match a locally installed
  cert.  the most useful of these is usually (2), which is the mode
  that gnutls-cli does.

- gnutls-cli does the commonName check, not sure stunnel does.

- stunnel has a list of protocols (including pop3 and imap) for which
  it knows how to do starttls negotiation, and lets you specify one of
  these, after which it will automatically perform the negotiation.

  gnutls-cli has a --starttls option but it doesn't do the negotiation
  for you; instead, it opens a plain connection, waits quietly for you
  to do the protocol-specific starttls negotiation yourself, then you
  send gnutls-cli it a signal (eof or sigalrm) to tell it that you now
  want it to start speaking tls for you.

stunnel's starttls support is probably the deciding factor here.   if
i were using imap with starttls instead of imaps, i'd want this.

References:
- Auto plugged off?
  - From: "Ian D. Leroux" <idleroux@fastmail.fm>
- Re: Auto plugged off?
  - From: Erik Hetzner <ehetzner@gmail.com>
- Re: Auto plugged off?
  - From: "Ian D. Leroux" <idleroux@fastmail.fm>
- Re: Auto plugged off?
  - From: Erik Hetzner <ehetzner@gmail.com>
- Re: Auto plugged off?
  - From: Ian D. Leroux <idleroux@fastmail.fm>
- Re: Auto plugged off?
  - From: Randy Bush <randy@psg.com>
- Re: Auto plugged off?
  - From: Randy Bush <randy@psg.com>
- Re: Auto plugged off?
  - From: Ian D. Leroux <idleroux@fastmail.fm>
- Re: Auto plugged off?
  - From: Randy Bush <randy@psg.com>

Prev by Date: Re: Auto plugged off?
Next by Date: wrong argument type
Previous by thread: Re: Auto plugged off?
Next by thread: Re: Auto plugged off?
Index(es):
- Date
- Thread