(START)TLS between servers?

Julien ÉLIE julien at trigofacile.com
Sat Mar 26 19:48:48 UTC 2011


Hi Adam,

> The next thing I would like is to use TLS when talking to my peers.
>
> Is that possible?

Unfortunately, I do not believe that any news server currently supports 
the STARTTLS command in its transit mode.
It is commonly used as a feature of the reader mode.


> I looked in the manual of innfeed and innfeed.conf, searched a little,
> but didn't really find anything. I also tried to manually go MODE
> STREAM, STARTTLS to one of my peers, but that didn't work (I got a 401
> MODE-READER response) - but that might be because he hasn't set up TLS.

401 MODE-READER is an answer that tells you the current mode (that is to 
say transit/streaming/peering mode) does not allow STARTTLS.  The news 
server knows that STARTTLS is a valid command in the reader mode and 
that is why it answers 401 so that the client asks for entering the 
reader mode.  Which is not what you want to use in your case.

The best and usual way, if you need encryption, is to set up a *stunnel* 
between the two peers.

-- 
Julien ÉLIE

« Life is short… so eat dessert first! »
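As an added example (not part of the original thread, and not INN's or stunnel's own documentation), here is what the stunnel set-up suggested above can look like for a one-direction feed from a sending peer A to a receiving peer B. Every hostname, port, file path and the 127.0.0.2 source address is an assumption chosen for the example; the option names are those of stunnel 4.x/5.x.

```ini
; ---------------------------------------------------------------
; Receiving peer, host B: /etc/stunnel/nntp-from-peer-a.conf
; (example only; paths, names and ports are assumed)
; ---------------------------------------------------------------
; B's own certificate and key, presented to A.
cert   = /etc/stunnel/peer-b.pem
key    = /etc/stunnel/peer-b.key
; A's certificate, exchanged out of band (self-signed is fine).
CAfile = /etc/stunnel/peer-a-cert.pem
; verify = 3 requires the peer to present exactly the certificate in
; CAfile (stunnel 5.x spells this verifyPeer = yes).  Without a verify
; setting the tunnel is encrypted but NOT authenticated: anyone who can
; reach port 5633 can feed articles through it.
verify = 3

[nntp-from-peer-a]
; TLS listener that peer A connects to.
accept  = 5633
; innd's plaintext port on B.  Bind innd to the loopback address so the
; unencrypted port is not reachable from outside.
connect = 127.0.0.1:119
; Source address innd sees for this tunnel.  innd identifies a peer by
; the connecting address, so give every peer its own loopback address
; and list that address as the peer's hostname in incoming.conf.
local   = 127.0.0.2

; ---------------------------------------------------------------
; Sending peer, host A: /etc/stunnel/nntp-to-peer-b.conf
; ---------------------------------------------------------------
; Client mode: innfeed talks plaintext to this stunnel, which encrypts
; the stream on its way to B.
client = yes
; A's own certificate and key, so that B can verify A.
cert   = /etc/stunnel/peer-a.pem
key    = /etc/stunnel/peer-a.key
; B's certificate, exchanged out of band.
CAfile = /etc/stunnel/peer-b-cert.pem
verify = 3

[nntp-to-peer-b]
; Local plaintext endpoint; point innfeed.conf at it with
;   ip-name: 127.0.0.1
;   port:    5119
; in the peer block for B.
accept  = 127.0.0.1:5119
; B's TLS listener from the section above.
connect = peer-b.example:5633
```

Two things to check before trusting such a tunnel: that both sides set `verify` with the other side's certificate in `CAfile`, otherwise stunnel will happily encrypt to whoever answers on port 5633; and that innd on B only listens on the loopback address, otherwise the peer can still connect to port 119 in the clear. The `local` source address trick is needed because incoming.conf matches peers by address: with several peers terminating on 127.0.0.1, innd could not tell them apart. The return feed from B to A needs the mirror-image pair of configurations.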