On Thu, 28 Jul 2005, Karl Boyken wrote:
Is there a way to specify which cipher to use for TLS?  I'm trying
to set up a Perdition 1.17 proxy server in front of our UW IMAP 2004c1
server.  Perdition can set up an SSL session with UW IMAP with no
problem, but TLS sessions fail.  I've used ssldump to examine TLS
sessions, and it looks like cipher negotiation is failing for some
reason.  Perdition can be configured to use a specific cipher--is there
some way to configure the cipher used by UW IMAP for TLS?  Thanks.

More likely, Perdition has a bug and is (incorrectly) using the SSLv23 client method with TLS instead of the (correct) TLSv1 client method. Some baby programmers (mistakenly) believe that the SSLv23 client method is "more general" than the TLSv1 client method and thus should be used for both SSL and TLS.

As you have discovered, the SSLv23 client method does not work with UW imapd and other IMAP servers which use the TLSv1 server method for TLS.

See if you can get Perdition to fix their client to use the TLSv1 client method for TLS. Note that the SSLv23 client method *is* correct for SSL, so you have to use different client methods depending upon whether you are using SSL or TLS.

The lesson to learn from this is that TLS is not "just another name for SSL." It *is* a (subtly) different protocol.

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
Imap-uw@u.washington.edu
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
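
An added example, not part of the original message and not Perdition or UW IMAP code: a small Python check for the first bytes a client sends, the same thing ssldump shows when the negotiation fails. It assumes, as background not stated in the message, that OpenSSL's SSLv23 client method of that era could frame its hello in SSLv2 format while the TLSv1 method always uses a TLS record; the function names, the sample bytes and the simplified server model are all constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes) -> dict:
    """Report the framing and the version offered in a client's first message."""
    if len(data) < 11:
        raise ValueError("too short to be a ClientHello")
    # SSLv2-format hello: high bit of byte 0 set, 15-bit length, msg type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return {"framing": "sslv2-compat", "offered": (data[3], data[4])}
    # SSLv3/TLS record: type 0x16 (handshake) carrying handshake type 1.
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return {"framing": "tls-record", "offered": (data[9], data[10])}
    raise ValueError("not a recognised ClientHello")

def tlsv1_only_server_accepts(data: bytes) -> bool:
    """Simplified model (assumption) of a TLSv1-only server: it parses only
    TLS records and needs the client to offer at least TLS 1.0, i.e. (3, 1)."""
    try:
        hello = classify_client_hello(data)
    except ValueError:
        return False
    return hello["framing"] == "tls-record" and hello["offered"] >= (3, 1)

def sample_sslv2_compat_hello() -> bytes:
    """Constructed sample: SSLv2-framed hello that still offers TLS 1.0."""
    specs = bytes.fromhex("00002f00000a")        # two 3-byte cipher specs
    challenge = bytes(16)
    body = struct.pack(">BBBHHH", 1, 3, 1, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def sample_tls_hello() -> bytes:
    """Constructed sample: TLS 1.0 ClientHello inside a TLS record."""
    body = bytes([3, 1]) + bytes(32) + b"\x00"   # version, random, no session id
    body += struct.pack(">H", 2) + b"\x00\x2f"   # one cipher suite
    body += b"\x01\x00"                          # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, raw in (("SSLv23-style", sample_sslv2_compat_hello()),
                      ("TLSv1-style", sample_tls_hello())):
        print(name, classify_client_hello(raw),
              "accepted" if tlsv1_only_server_accepts(raw) else "rejected")
```

Both samples offer version (3, 1), yet only the TLS-record one passes the modelled TLSv1-only server, which is why changing the cipher list alone does not fix the failure.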
