INN and SSL/TSL

Jeffrey M. Vinocur jeff at litech.org
Wed Oct 15 16:45:09 UTC 2003


On Wed, 15 Oct 2003, Todd Olson wrote:

> Has support for SSL/TSL been worked in to INN 2.4 ????

TLS, you mean.  And yes, it's been supported for ages, check the 
documentation.

In brief, we support both a not-yet-standardized STARTTLS command on top
of regular port 119 connections, and nnrpd -S to listen on a separate port
(port 563 is normal, listening either with inetd/xinetd, or with nnrpd -D
to run in daemon mode).

There's also a readers.conf parameter for restricting auth blocks to only
apply to encrypted connections.


> Is anyone using it?

Sure, lots of people.


> What clients are being used?

There are only a few of the graphical clients that support SSL natively, 
as far as I know.  Outlook Express, definitely.  I think Netscape.  Not 
sure about Mozilla, but presumably.  There's some sort of support in Xnews 
(Windows), but last time I looked at it -- three years ago -- it was a 
little rough.


> Does it work if the client does some sort of ssl tunneling
> with a non ssl enabled client?

Of course, there's no way to even tell that stunnel or whatever is being 
used (with the nnrpd-on-separate-port approach, anyway).

-- 
Jeffrey M. Vinocur
jeff at litech.org
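
Added example, not part of the original message and not INN code: a small check that, given a logged NNTP command transcript, reports AUTHINFO commands sent before the session was encrypted, which is the exposure that restricting auth blocks to encrypted connections is meant to prevent. The transcript format, host name and function name are assumptions made for illustration; the 382 and 580 STARTTLS response codes are those of RFC 4642, which standardized the command after this message was written.

```python
# Added illustration; the transcript format and all names here are assumptions.
IMPLICIT_TLS_PORTS = {563}  # nnrpd -S style listener: TLS from the first byte

def cleartext_auth_commands(port, transcript):
    """Return the AUTHINFO commands (arguments stripped) sent unencrypted.

    transcript is a list of (direction, line) pairs, "C" for client lines
    and "S" for server lines, as logged at the protocol level.
    """
    encrypted = port in IMPLICIT_TLS_PORTS
    starttls_pending = False
    exposed = []
    for direction, line in transcript:
        words = line.split()
        if not words:
            continue
        if direction == "C":
            verb = words[0].upper()
            starttls_pending = (verb == "STARTTLS")
            if verb == "AUTHINFO" and not encrypted:
                # Record only the command name, never the credential itself.
                exposed.append(" ".join(words[:2]).upper())
        elif starttls_pending:
            # Only a 382 reply means the TLS handshake follows; after 580
            # (or any other reply) the session is still cleartext.
            encrypted = encrypted or words[0] == "382"
            starttls_pending = False
    return exposed

# Constructed sample sessions (not captured traffic).
GREETING = ("S", "200 news.example.org ready")
LOGIN = [("C", "AUTHINFO USER todd"), ("S", "381 Enter password"),
         ("C", "AUTHINFO PASS example-password"), ("S", "281 Authentication accepted")]
PLAIN = [GREETING] + LOGIN
UPGRADED = [GREETING, ("C", "STARTTLS"), ("S", "382 Begin TLS negotiation now")] + LOGIN
REFUSED = [GREETING, ("C", "STARTTLS"), ("S", "580 Can not initiate TLS negotiation"),
           ("C", "AUTHINFO USER todd"), ("S", "483 Encryption required")]

if __name__ == "__main__":
    for name, port, session in [("plain/119", 119, PLAIN), ("starttls/119", 119, UPGRADED),
                                ("refused/119", 119, REFUSED), ("implicit/563", 563, PLAIN)]:
        print(name, cleartext_auth_commands(port, session))
```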



More information about the inn-workers mailing list