require_ssl with SASL secure layers

Jeffrey M. Vinocur jeff at litech.org
Mon Jun 1 00:09:46 UTC 2009


On Sun, 31 May 2009, [iso-8859-15] Julien ÉLIE wrote:

> I think we could rename the require_ssl: parameter in readers.conf
> to something like require_encryption: in order to take into account
> both a successful STARTTLS command (or "nnrpd -S") and a successful
> AUTHINFO SASL with a negotiation of a secure layer.

Sounds lovely.

(The thought crossed my mind of trying to add a little more expressive 
power to it, by changing from boolean to a list, where the user could 
specify exactly what would be adequate encryption for a given block to be 
tried, e.g. "require_encryption: TLS, SASL.CRAM-MD5, SASL.DIGEST-MD5" but 
then I thought that might be trouble than it's worth.)

-- 
Jeffrey M. Vinocur
jeff at litech.org



More information about the inn-workers mailing list