[Imap-uw] Cipher setting
Mark Crispin
MRC at CAC.Washington.EDU
Sat Jul 30 18:29:32 PDT 2005
On Thu, 28 Jul 2005, Karl Boyken wrote:
> Is there a way to specify which cipher to use for TLS? I'm trying to
> set up a Perdition 1.17 proxy server in front of our UW IMAP 2004c1
> server. Perdition can set up an SSL session with UW IMAP with no
> problem, but TLS sessions fail. I've used ssldump to examine TLS
> sessions, and it looks like cipher negotiation is failing for some
> reason. Perdition can be configured to use a specific cipher--is there
> some way to configure the cipher used by UW IMAP for TLS? Thanks.

More likely, Perdition has a bug and is (incorrectly) using the SSLv23
client method with TLS instead of the (correct) TLSv1 client method. Some
baby programmers (mistakenly) believe that the SSLv23 client method is
"more general" than the TLSv1 client method and thus should be used for
both SSL and TLS.

As you have discovered, the SSLv23 client method does not work with UW
imapd and other IMAP servers which use the TLSv1 server method for TLS.
See if you can get Perdition to fix their client to use the TLSv1 client
method for TLS. Note that the SSLv23 client method *is* correct for SSL,
so you have to use different client methods depending upon whether you are
using SSL or TLS.

The lesson to learn from this is that TLS is not "just another name for
SSL." It *is* a (subtly) different protocol.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
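
Added example, not part of the original message and not code from UW IMAP or Perdition: a Python check for what a capture (such as the ssldump output mentioned in the question) shows in the client's first handshake bytes, SSLv2-compatible framing or a TLS record. It assumes the default behaviour of OpenSSL releases of that period, where the SSLv23 client method opened with an SSLv2-format hello; the function names and sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}

def classify_client_hello(data: bytes) -> dict:
    """Report the framing and offered version of a client's first handshake bytes."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes to classify")
    # SSLv2 framing: 2-byte length with the high bit set, then type 1 (CLIENT-HELLO).
    if data[0] & 0x80 and data[2] == 0x01:
        offered = (data[3], data[4])
        framing = "sslv2-compatible"
    # TLS/SSLv3 framing: record type 22 (handshake), then handshake type 1.
    elif data[0] == 0x16 and len(data) >= 11 and data[5] == 0x01:
        offered = (data[9], data[10])
        framing = "tls-record"
    else:
        raise ValueError("not a recognisable ClientHello")
    return {
        "framing": framing,
        "offered": VERSIONS.get(offered, "unknown %d.%d" % offered),
        # Assumption: a server limited to TLS record parsing rejects SSLv2 framing.
        "tls_only_server_can_parse": framing == "tls-record",
    }

def sslv2_framed_hello() -> bytes:
    """Constructed sample: SSLv2-format hello that offers TLS 1.0."""
    ciphers = bytes.fromhex("00002f00000a")          # two 3-byte cipher specs
    challenge = bytes(range(16))
    body = b"\x01\x03\x01" + struct.pack(">HHH", len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def tls_record_hello() -> bytes:
    """Constructed sample: TLS 1.0 ClientHello inside a TLS record."""
    suites = bytes.fromhex("002f000a")               # two 2-byte cipher suites
    body = b"\x03\x01" + bytes(32) + b"\x00"
    body += struct.pack(">H", len(suites)) + suites + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, sample in (("SSLv2-framed", sslv2_framed_hello()),
                         ("TLS record", tls_record_hello())):
        print(name, classify_client_hello(sample))
```

Both constructed hellos offer TLS 1.0; only the framing differs, which is the distinction to look for in the capture.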