[NNTP] TLS draft question

Ken Murchison ken at oceana.com
Tue Jul 19 15:44:36 PDT 2005


Ned Freed wrote:

>> Yes.  I believe that our text follows that of IMAP, POP3 and SMTP in
>> that the session may continue even if the TLS negotiation failed.
> 
> 
> That may be the theory, but it almost never works in practice, in my
> experience at least.

Ned, are you suggesting that the server should just unilaterally 
disconnect the client if TLS fails?  I know for a fact that the Cyrus 
servers (IMAP, POP3, NNTP, LMTP) simply revert back to using their own I/O 
routines rather than the OpenSSL equivalents if TLS fails.  I haven't 
tried this with any clients to see how they behave.

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
