[ingo] Sieve over SSL/TLS?

[Jan Schneider]

Zitat von alex at milivojevic.org:

> Quoting Jan Schneider <jan at horde.org>:
>
>> Zitat von alex at milivojevic.org:
>>
>>> Quoting Jan Schneider <jan at horde.org>:
>>>
>>>> Zitat von alex at milivojevic.org:
>>>>
>>>>> I've just noticed from log files that Ingo connects to timsieved over
>>>>> plaintext
>>>>> connection.  Is it possible to use SSL/TLS before transmitting the
>>>>> password?
>>>>
>>>> SSL might be possible by prefixing the hostname with "ssl:/" (does
>>>> timsieved support SSL at all?), but TLS is not possible.
>>>
>>> I've prefixed it with "ssl:/" (also tried "ssl://"), but it made plaintext
>>> connection again.  When doing "telnet localhost sieve", timsieved lists the
>>> capabilities, and one of them is STARTTLS.
>>
>> What I meant is that TLS support on Ingo's side is not possible.
>
> So I guess it is not possible then.  Don't think timsieved allows for SSL on
> connect (like https, imaps, or pop3s), only STARTTLS.

That's what I had in mind. Thanks for confirming.

> I've had a peek at Net_SIEVE module, and it seems it only parses the
> capabilities and sets flag if STARTTLS is present in the list of
> capabilities. Not sure if this just reflects future plans to add
> support for it in Net_SIEVE,
> or if applications using it can issue raw STARTTLS, handle TLS handshake
> themself and provide callback functions for read/write (that would
> encrypt/decrypt data stream, something like proftpd implements TLS).

While this would technically be possible, it would require to port a 
complete TLS library to PHP, which is a bad idea IMO.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/