[NNTP] TLS draft question

Ned Freed ned.freed at mrochek.com
Tue Jul 19 16:16:19 PDT 2005


> Ned Freed wrote:

> >> Yes.  I believe that our text follows that of IMAP, POP3 and SMTP in
> >> that the session may continue even if the TLS negotiation failed.
> >
> > That may be the theory, but it almost never works in practice, in my
> > experience at least.

> Ned, are you suggesting that the server should just unilaterally
> disconnect the client if TLS fails?  I know for a fact that the Cyrus
> servers (IMAP, POP3, NNTP, LMTP) simply revert to using their own I/O
> routines rather than the OpenSSL equivalents if TLS fails.  I haven't
> tried this with any clients to see how they behave.

I'm not suggesting that servers behave in any particular way, mostly because I
think any recommendation would be largely irrelevant.

My observation was and is that servers in practice leave the connection in an
unusable state. This means that the only viable behavior for a client is to
abandon the connection and either try again without TLS or give up.

				Ned
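The client behaviour Ned describes, treating a failed STARTTLS negotiation as the end of that connection and then either reconnecting in plaintext or giving up, as an added example (not code from this thread, from the NNTP TLS draft, or from the Cyrus servers). The reply codes 382, 502 and 580 are the ones RFC 4642 assigns to STARTTLS; the FakeConnection class, the policy names and the outcome strings are assumptions made for the example.

```python
"""Client-side handling of a failed NNTP STARTTLS negotiation.

Added example; not code from the mailing-list thread or from any NNTP
implementation. RFC 4642 defines STARTTLS for NNTP: the server answers
382 when it is ready to negotiate and 502 or 580 when it cannot. The
FakeConnection class, the policy names and the outcome strings below are
assumptions made for this example.
"""
import ssl
from dataclasses import dataclass, field

REQUIRE_TLS = "require"          # give up if TLS cannot be established
OPPORTUNISTIC = "opportunistic"  # fall back to a fresh plaintext connection


@dataclass
class FakeConnection:
    """Scripted stand-in for a socket to an NNTP server (constructed for the example)."""
    starttls_reply: str            # line the server sends in answer to STARTTLS
    handshake_ok: bool = True      # whether the TLS handshake itself succeeds
    sent: list = field(default_factory=list)
    closed: bool = False
    tls_active: bool = False

    def sendline(self, line):
        if self.closed:
            raise ConnectionError("write on closed connection")
        self.sent.append(line)

    def readline(self):
        return self.starttls_reply

    def wrap_tls(self):
        # A real client would call ssl.SSLContext.wrap_socket() here; a failed
        # handshake surfaces as ssl.SSLError.
        if not self.handshake_ok:
            raise ssl.SSLError("simulated handshake failure")
        self.tls_active = True

    def close(self):
        self.closed = True


def negotiate_starttls(conn, policy):
    """Issue STARTTLS; return 'secured', 'reconnect_plaintext' or 'give_up'.

    Every failure path ends with the connection closed: once a negotiation
    has failed, the state of the byte stream is unknown (partial handshake
    bytes, buffered output), so the client abandons it instead of trying
    to carry on in cleartext over the same socket.
    """
    conn.sendline("STARTTLS")
    reply = conn.readline()
    try:
        if not reply.startswith("382"):
            # 502 / 580 or anything unexpected: the server will not negotiate.
            raise RuntimeError(f"server declined STARTTLS: {reply!r}")
        conn.wrap_tls()
    except (ssl.SSLError, RuntimeError, OSError):
        conn.close()
        return "give_up" if policy == REQUIRE_TLS else "reconnect_plaintext"
    return "secured"


def open_session(connect, policy):
    """Connect, attempt STARTTLS and apply the policy.

    `connect` is a zero-argument callable returning a fresh connection.
    Returns (connection, tls_active); raises ConnectionError when TLS is
    required but could not be established. The plaintext fallback opens a
    new connection rather than reusing the one whose negotiation failed.
    """
    conn = connect()
    outcome = negotiate_starttls(conn, policy)
    if outcome == "secured":
        return conn, True
    if outcome == "give_up":
        raise ConnectionError("TLS required but negotiation failed; connection abandoned")
    assert conn.closed  # the failed stream is never reused
    return connect(), False


if __name__ == "__main__":
    for reply, ok, policy in [
        ("382 Continue with TLS negotiation", True, REQUIRE_TLS),
        ("580 Can not initiate TLS negotiation", True, OPPORTUNISTIC),
        ("382 Continue with TLS negotiation", False, REQUIRE_TLS),
    ]:
        c = FakeConnection(reply, handshake_ok=ok)
        print(reply, "->", negotiate_starttls(c, policy), "closed =", c.closed)
```

The opportunistic branch is a deliberate downgrade to cleartext, which is why it is a named policy rather than the default: a client that must protect its traffic runs with REQUIRE_TLS and reports the failure, and a client that falls back should at least log that it did so, because a server that keeps refusing or breaking STARTTLS is indistinguishable on the wire from one being tampered with.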



More information about the ietf-nntp mailing list