Date: Thu, 31 May 2001 21:38:07 -0400
From: "Justin R. Miller" <[EMAIL PROTECTED]>
Hi,
I just took the plunge and updated from my old Cyrus 1.x (whatever the
latest one was) to the 2.x released a few days ago. Everything seems to
be working fine, and I have support for IMAP and IMAPS. It looks like
when I use regular IMAP, the log says I have a login with
"plaintext+TLS". How exactly does this differ from a regular plaintext
login? Also, when I use IMAPS, I get this:
It's merely informing you that the plaintext login was TLS (nee SSL)
protected; it makes it easier to analyze the logs to see how many
people are logging in with plaintext and how many with plaintext+TLS.
May 31 21:32:43 mithrandir imapd[29280]: starttls: TLSv1 with cipher
DES-CBC3-SHA (168/168 bits) no authentication
May 31 21:32:45 mithrandir imapd[29280]: login: [my.hostname][my.ip] justin
plaintext+TLS
May 31 21:32:45 mithrandir imapd[29280]: open: user justin opened INBOX
Does this mean I'm using TLSv1 instead of SSLv3? I used to use Cyrus
with stunnel on port 993, how is this different?
TLSv1 is very similiar to SSLv3, but slightly more up-to-date and is
the internet standard. The "imaps" port of Cyrus will allow anything
from SSLv2 through TLSv1. Evidentally your client can negotiate
TLSv1, and therefore does so.
The "STARTTLS" command (an alternative way of creating an encryption
layer) allows only TLSv1. Few clients currently use the STARTTLS
command.
Larry
