Re: IMAPS problems...

[Carlos Morgado <chbm chbm nu>]

On 2001.08.22 15:47:21 +0100 Brian Stafford wrote:
> On Wed, 22 August 15:36 Carlos Morgado wrote:
> > 
> > On 2001.08.22 15:06:53 +0100 Brian Stafford wrote:
> > 
> > > 
> > > Right, I missed that bit.  Anyhow an OpenSSL based SSL tunnel will do
> TLS
> > > too!
> > > No matter what, if TLS is available then use it.
> > > 
> > TLS inside SSL = overhead
> 
> If a tunnel is in use, the server doesn't know that encryption is already
> on the channel.  If the server is doing the TLS/SSL session natively then
> it can't apply encryption twice anyway.
> 

ok, clear up, everytime i said 'tunnel' in this discussion i meant ssl 
connection (imaps). not tunnel as in ssh tunnel. bad choice of word :(

> What I was getting at though is that given the choice between SSL and TLS
> *always* use TLS and never use SSL.
> 
> > > But that puzzles me though.  If the server can do TLS/SSL directly, why
> > > tunnel?
> > > 
> > ops, my fault, not tunnel in the sense of ssh, tunnel in the sense of SSL
> > connection
> 
> OK.  In this case I don't see how its possible to encrypt twice with any of
> the TLS toolkits I'm aware of.
> 
you connect to imaps, the server presents you with STARTTLS cap, you take it.
TLS inside a SSL connection.

i'd say the imap server is beind sslwrapper and doesn't know imaps is being
used. that's why balsa should be smart and not use TLS when it's doing imaps.
at least, the server config dialog must be updated ..  

-- 
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
Software is like sex; it's better when it's free. - Linus Torvalds