ftp ssl
Peter Mann
Peter.Mann at tuke.sk
Tue Jun 11 11:29:37 CEST 2002
On Tue, Jun 11, 2002 at 11:04:11AM +0200, Honza Petrous wrote:
> On Tue, 2002-06-11 at 10:42, Peter Mann wrote:
> > On Tue, Jun 11, 2002 at 10:38:01AM +0200, Dan Ohnesorg wrote:
> > > Since we're on the subject of what each of us has fixed in his head, my
> > > understanding is that TLS is SSL started within an extension of the
> > > original protocol. So, for example, ssl imap connects on its own port,
> > > whereas TLS imap connects on the original one, where after the connection
> > > is opened and the capabilities are determined, the server uses the
> > > STARTTLS command.
> >
> > I agree with that too - similarly smtp vs. ssmtp
smtp 25/tcp mail
ssmtp 465/tcp smtps # SMTP over SSL
if I have smtp tls enabled, the encrypted communication still runs on port
25, provided the servers find out from each other via EHLO that they have
250-STARTTLS - I'm going by the postfix configuration I use
- This is an SSL/TLS enhancement package for postfix.
It realizes (well, or at least should, once it is finished) the
STARTTLS extension to SMTP as described in RFC2487 and used
by Netscape 4.5x.
# only used by postfix-tls
smtps .... smtpd -o smtpd_tls_wrappermode=yes
587 .... smtpd -o smtpd_enforce_tls=yes
I'm not claiming that this contradicts your statement - I don't want to argue ;-)))
> You are wrong! You made me read RFC 2246 again
> (you're lucky we don't know each other, otherwise I would in turn
> make you both buy me a "few" beers :) and section 3 there says:
>
> | This document and the TLS protocol itself are based on the SSL 3.0
> | Protocol Specification as published by Netscape. The differences
> | between this protocol and SSL 3.0 are not dramatic, but they are
> | significant enough that TLS 1.0 and SSL 3.0 do not interoperate
> | (although TLS 1.0 does incorporate a mechanism by which a TLS
> | implementation can back down to SSL 3.0). This document is intended
> | primarily for readers who will be implementing the protocol and those
> | doing cryptographic analysis of it. The specification has been written
> | with this in mind, and it is intended to reflect the needs of those
> | two groups. For that reason, many of the algorithm-dependent data
> | structures and rules are included in the body of the text (as opposed
> | to in an appendix), providing easier access to them.
>
> The difference between a TLS and a START-TLS connection is that the first
> requires TLS, whereas the second is only "capable".
--
5o Peter.Mann at tuke.sk
KLFMANiK ICQ 12491471
PM2185-RIPE
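
Added example, not part of the original message and not postfix code: a sketch of how the sending side ends up encrypted or not in the three setups discussed in the thread (TLS wrapper on its own port, mandatory STARTTLS, STARTTLS only when EHLO advertises it). The EHLO replies are constructed, and the mode names and function names are assumptions made for this illustration.

```python
# Added example. The EHLO replies are constructed; the mode names and both
# function names are hypothetical.
import re

WITH_STARTTLS = (
    "250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
# Same reply without the STARTTLS line (server not configured for it, or the
# line did not reach the client).
WITHOUT_STARTTLS = WITH_STARTTLS.replace("250-STARTTLS\r\n", "")


def parse_ehlo(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 EHLO reply."""
    lines = reply.strip().splitlines()
    keywords = set()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if m is None:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line, "250 " only the final line.
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i > 0 and m.group(2).strip():  # line 0 is the server's greeting
            keywords.add(m.group(2).split()[0].upper())
    return keywords


def plan_session(mode, ehlo_reply=None):
    """Decide how the sending side proceeds.

    wrapper: TLS handshake before any SMTP (smtps, 465/tcp)
    enforce: plain SMTP first, STARTTLS mandatory
    may:     plain SMTP first, STARTTLS only if offered (port 25)
    """
    if mode == "wrapper":
        return "tls-handshake-first"
    if mode not in ("enforce", "may"):
        raise ValueError("unknown mode: %r" % mode)
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    return "abort" if mode == "enforce" else "plaintext"
```

In "may" mode a reply without the 250-STARTTLS line produces a plaintext session with no error, which is the practical meaning of "capable" as opposed to "requires".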