Re: IMAPS problems...



On Wed, 22 August 14:14 Toralf Lund wrote:

> So enabling SSL in the config would mean using SSL _and_ TLS, which is
> fairly meaningless, right?

Not necessarily. If the client and server support some common set of protocols
from SSLv2,3 and TLSv1, the best available will be negotiated.

Since most servers used by the open source community are likely to use OpenSSL,
it makes sense for the client to support only TLSv1.  That way export crippled
ciphers are not used and cannot be negotiated.  There are attacks on SSL 2/3
which can cause a weak cipher to be agreed which the attacker can crack more
easily.  This form of attack is not possible with TLS.  The only reason a client
might want SSLv2 or 3 is to use with a legacy closed source US export crippled
server.

Brian Stafford
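
The negotiation described in the message above, as an added example that is not part of the original post: a simplified Python model comparing a client that offers SSLv2/3 and TLSv1 with one that offers only TLSv1. The policies, the `floor` helper and the key-length values are constructed for illustration; the model treats version and cipher choice independently and assumes the TLSv1-only client also leaves export suites out of its cipher list.

```python
# Simplified model of SSL/TLS negotiation. All policies are constructed samples.
VERSION_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1": 2}
# Nominal key length in bits for three OpenSSL cipher suite names.
CIPHER_BITS = {"EXP-RC4-MD5": 40, "RC4-MD5": 128, "DES-CBC3-SHA": 168}

def common(client, server):
    """Return the (versions, ciphers) that both sides are willing to use."""
    versions = set(client["versions"]) & set(server["versions"])
    ciphers = set(client["ciphers"]) & set(server["ciphers"])
    return versions, ciphers

def negotiate(client, server):
    """Untampered handshake: best common version and strongest common cipher."""
    versions, ciphers = common(client, server)
    if not versions or not ciphers:
        return None  # no overlap: the handshake fails instead of falling back
    return (max(versions, key=VERSION_RANK.get), max(ciphers, key=CIPHER_BITS.get))

def floor(client, server):
    """Weakest result both sides would still accept.

    This is the bound the client's own policy places on any downgrade:
    nothing below it can be agreed, whatever happens to the offer in transit.
    """
    versions, ciphers = common(client, server)
    if not versions or not ciphers:
        return None
    return (min(versions, key=VERSION_RANK.get), min(ciphers, key=CIPHER_BITS.get))

# Constructed policies (assumptions, not taken from any real configuration).
ALL_CIPHERS = ["DES-CBC3-SHA", "RC4-MD5", "EXP-RC4-MD5"]
PERMISSIVE_CLIENT = {"versions": ["SSLv2", "SSLv3", "TLSv1"], "ciphers": ALL_CIPHERS}
TLS_ONLY_CLIENT = {"versions": ["TLSv1"], "ciphers": ["DES-CBC3-SHA", "RC4-MD5"]}
OPENSSL_SERVER = {"versions": ["SSLv2", "SSLv3", "TLSv1"], "ciphers": ALL_CIPHERS}
LEGACY_EXPORT_SERVER = {"versions": ["SSLv2", "SSLv3"], "ciphers": ["EXP-RC4-MD5"]}

if __name__ == "__main__":
    for name, client in (("permissive", PERMISSIVE_CLIENT), ("TLSv1-only", TLS_ONLY_CLIENT)):
        print(name, "best:", negotiate(client, OPENSSL_SERVER),
              "floor:", floor(client, OPENSSL_SERVER),
              "legacy server:", negotiate(client, LEGACY_EXPORT_SERVER))
```

Both clients reach the same result against a full-featured server when nothing interferes; the difference is the floor, and the TLSv1-only client's inability to talk to the legacy export server at all.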



