Re: IMAPS problems...

From: Brian Stafford <brian stafford uklinux net>
To: Toralf Lund <toralf kscanners com>
Cc: chbm chbm nu, Balsa List <balsa-list gnome org>
Subject: Re: IMAPS problems...
Date: Wed, 22 Aug 2001 14:38:31 +0100

On Wed, 22 August 14:14 Toralf Lund wrote:

> So enabling SSL in the config would mean using SSL _and_ TLS, which is
> fairly meaningless, right?

Not necessarily.  If  client and server support some common set of protocols
from SSLv2,3 and TLSv1, the best available will be negotiated.

Since most servers used by the open source community are likely to use OpenSSL,
it makes sense for the client to support only TLSv1.  That way export crippled
ciphers are not used and cannot be negotiated.  There are attacks on SSL 2/3
which can cause a weak cipher to be agreed which the attacker can crack more
easily.  This form of attack is not possible with TLS.  The only reason a client
might want SSLv2 or 3 is to use with a legacy closed source US export crippled
server.

Brian Stafford

Follow-Ups:
- Re: IMAPS problems...
  - From: Carlos Morgado
- Re: IMAPS problems...
  - From: Toralf Lund

References:
- IMAPS problems...
  - From: Toralf Lund
- Re: IMAPS problems...
  - From: Carlos Morgado
- Re: IMAPS problems...
  - From: Toralf Lund

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]