Defining TLS_PROTOCOL to SSL2 is a bit problematic.

When left at "SSL3", courier only accepts SSL3.x handshakes (not SSL2.0-compatibility ones). When the variable is set to "SSL2", courier only accepts SSL2.0 and SSL2.0-compatibility handshakes. Therefore the setting "SSL2" causes real SSL3.0 and TLS1.0 handshakes to fail. This affects all mail clients that use GnuTLS instead of OpenSSL, because GnuTLS does not use the old SSL2.0-compatible handshake (because it is not SSL2.0 compatible) but uses a real SSL3.0 or TLS handshake.

The value "SSL23" really should get added to the Debian package, also for version 0.56.0, as a Debian add-on. The patch is trivial:

--- libcouriertls.c.orig        2007-09-26 00:51:36.002558776 +0200
+++ libcouriertls.c     2007-09-26 00:08:10.081264858 +0200
@@ -419,6 +419,7 @@
        ctx=SSL_CTX_new(protocol && strcmp(protocol, "SSL2") == 0
                                                        ? SSLv2_method():
                protocol && strcmp(protocol, "SSL3") == 0 ? SSLv3_method():
+ protocol && strcmp(protocol, "SSL23") == 0 ? SSLv23_method():
                TLSv1_method());

        if (!ctx)
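
Review bot: the new "SSL23" branch passes SSLv23_method() to SSL_CTX_new(), and that method accepts SSL 2.0 handshakes as well as SSL 3.0 and TLS 1.0; nothing in this hunk restricts it afterwards. If SSL 2.0 is not meant to be negotiable under this setting, call SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) once the if (!ctx) check has passed, or state wherever the accepted TLS_PROTOCOL values are documented that "SSL23" still permits SSL 2.0. The added line also lacks the leading indentation of the neighbouring strcmp() lines, and any unrecognised value still falls through silently to TLSv1_method(), so the new value should be listed in that documentation as well.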



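
To make the two handshake framings discussed in the message above concrete, here is an added example (not part of the original message, and not Courier or OpenSSL code) that classifies the first bytes of a ClientHello as SSL 2.0 framing or SSL 3.0/TLS record framing. The function name, enum names and sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_kind { HELLO_UNKNOWN, HELLO_SSL2, HELLO_SSL2_COMPAT,
                  HELLO_SSL3_RECORD, HELLO_TLS_RECORD };

/* Constructed sample prefixes (first bytes of a ClientHello only). */
static const uint8_t sample_tls10[]  = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x01};
static const uint8_t sample_ssl30[]  = {0x16,0x03,0x00,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x00};
static const uint8_t sample_compat[] = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15,0x00,0x00,0x00,0x10};
static const uint8_t sample_ssl20[]  = {0x80,0x1c,0x01,0x00,0x02,0x00,0x03,0x00,0x00,0x00,0x10};
static const uint8_t sample_http[]   = {'G','E','T',' ','/',' ','H','T','T','P'};

/* Classify the framing of a ClientHello from the first bytes a server reads. */
enum hello_kind classify_client_hello(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 6)
        return HELLO_UNKNOWN;
    /* SSL 3.0 / TLS record: content type 0x16 (handshake), version 3.x,
       2-byte length, then handshake type 0x01 (ClientHello). */
    if (buf[0] == 0x16 && buf[1] == 0x03 && buf[5] == 0x01)
        return buf[2] == 0x00 ? HELLO_SSL3_RECORD : HELLO_TLS_RECORD;
    /* SSL 2.0 framing: high bit set in a 2-byte length header, message
       type 0x01 (CLIENT-HELLO), then the version the client offers. */
    if ((buf[0] & 0x80) && buf[2] == 0x01) {
        size_t reclen = ((size_t)(buf[0] & 0x7f) << 8) | buf[1];
        if (reclen < 9)               /* type + version + three length fields */
            return HELLO_UNKNOWN;
        if (buf[3] == 0x00 && buf[4] == 0x02)
            return HELLO_SSL2;        /* offers SSL 2.0 only */
        if (buf[3] == 0x03)
            return HELLO_SSL2_COMPAT; /* SSL 2.0 framing, offers 3.x */
    }
    return HELLO_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "unknown", "SSL2", "SSL2-compatible",
                                   "SSL3 record", "TLS record" };
    printf("tls10:  %s\n", names[classify_client_hello(sample_tls10, sizeof sample_tls10)]);
    printf("ssl30:  %s\n", names[classify_client_hello(sample_ssl30, sizeof sample_ssl30)]);
    printf("compat: %s\n", names[classify_client_hello(sample_compat, sizeof sample_compat)]);
    printf("ssl20:  %s\n", names[classify_client_hello(sample_ssl20, sizeof sample_ssl20)]);
    printf("http:   %s\n", names[classify_client_hello(sample_http, sizeof sample_http)]);
    return 0;
}
```

Run against the first bytes captured from a failing client, this shows which framing that client actually sends.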