(START)TLS between servers?
Julien ÉLIE
julien at trigofacile.com
Sat Mar 26 19:48:48 UTC 2011
Hi Adam,

> The next thing I would like is to use TLS when talking to my peers.
>
> Is that possible?

Unfortunately, I do not believe that a news server currently supports
the STARTTLS command for its transit mode.
It is commonly used as a feature for the reader mode.

> I looked in the manual of innfeed and innfeed.conf, searched a little,
> but didn't really find anything. I also tried to manually go MODE
> STREAM, STARTTLS to one of my peers, but that didn't work (I got a 401
> MODE-READER response) - but that might be because he hasn't set up TLS.

401 MODE-READER is an answer that tells you the current mode (that is to
say transit/streaming/peering mode) does not allow STARTTLS. The news
server knows that STARTTLS is a valid command in the reader mode and
that is why it answers 401 so that the client asks to enter the
reader mode. Which is not what you want to use in your case.

The best and usual way, if you need encryption, is to set up a *stunnel*
between the two peers.

--
Julien ÉLIE
« Life is short… so eat dessert first! »
More information about the inn-workers
mailing list
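
A sketch of the stunnel pairing suggested in the reply above, with both ends shown. This is an added example, not part of the original message or of the INN distribution; host names, ports and file paths are constructed placeholders, and `verifyChain`/`checkHost` assume stunnel 5.x.

```ini
; ===== Feeding side (outgoing): stunnel in client mode =====
; innfeed talks plain NNTP to the loopback listener; stunnel wraps the
; stream in TLS and forwards it to the peer. In innfeed.conf the peer
; entry would then use ip-name 127.0.0.1 and port-number 1119.
[nntp-feed-out]
client      = yes
accept      = 127.0.0.1:1119              ; constructed local port
connect     = news.peer.example:5563      ; placeholder peer host and port
cert        = /etc/stunnel/feeder.crt     ; our certificate, presented to the peer
key         = /etc/stunnel/feeder.key
CAfile      = /etc/stunnel/peering-ca.pem ; CA agreed on with the peer
verifyChain = yes                         ; reject a peer whose chain does not validate
checkHost   = news.peer.example           ; and whose certificate names another host

; ===== Receiving side (incoming): stunnel in server mode =====
; Terminates TLS and hands plain NNTP to the local innd on port 119.
[nntp-feed-in]
accept      = 5563                        ; placeholder port opened to the feeder
connect     = 127.0.0.1:119
cert        = /etc/stunnel/receiver.crt
key         = /etc/stunnel/receiver.key
CAfile      = /etc/stunnel/peering-ca.pem
verifyChain = yes                         ; server mode: a valid client certificate is required

; Caveat: innd on the receiving side sees every tunnelled connection as
; coming from 127.0.0.1, so it can no longer tell peers apart by source
; address. The client-certificate check above is what authenticates the
; feeder; keep the CA used here limited to peers allowed to feed you.
```

Both services bind the plain-text leg to loopback only, so the unencrypted NNTP stream never leaves either host.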