INN and SSL/TSL
Jeffrey M. Vinocur
jeff at litech.org
Wed Oct 15 16:45:09 UTC 2003
On Wed, 15 Oct 2003, Todd Olson wrote:
> Has support for SSL/TSL has been worked in to INN 2.4 ????
TLS, you mean. And yes, it's been supported for ages, check the
documentation.
In brief, we suppport both a not-yet-standardized STARTTLS command on top
of regular port 119 connections, and nnrpd -S to listen on a separate port
(port 563 is normal, listening either with inetd/xinetd, or with nnrpd -D
to run in daemon mode).
There's also a readers.conf parameter for restricting auth blocks to only
apply to encrypted connections.
> Is anyone using it?
Sure, lots of people.
> What clients are being used?
There are only a few of the graphical clients that support SSL natively,
as far as I know. Outlook Express, definitely. I think Netscape. Not
sure about Mozilla, but presumably. There's some sort of support in Xnews
(Windows), but last time I looked at it -- three years ago -- it was a
little rough.
> Does it work of the client does some sort of ssl tunneling
> with a non ssl enabled client?
Of course, there's no way to even tell that stunnel or whatever is being
used (with the nnrpd-on-separate-port approach, anyway).
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list