On Fri, 2007-03-30 at 16:19 +0530, JOYDEEP wrote: > Olaf Fraczyk wrote: > > On Fri, 2007-03-30 at 14:42 +0530, JOYDEEP wrote: > > > >> lartc wrote: > >> > >>> Hi, > >>> > >>> you can try this in imapd.conf: > >>> > >>> tls_ca_file: /etc/x509/your_ca_cert.pem > >>> tls_cert_file: /etc/x509/your_pub_cert.pem > >>> tls_key_file: /etc/x509/your_private.key > >>> tls_require_cert: no > >>> tlscache_db: berkeley > >>> > >>> > >> Fantastic :-) so I have TLS now :-) > >> Is there any option buy which I can force cyrus to communicate with the > >> client through TLS only ? > >> > > Remove imap and leave imaps only :) > > > > Dear Olaf and Carsten, > > I am a bit confused here. may be I am wrong but imaps is running at port > 993 with SSL where imap with TLs is running at port 143. > I need the imap + TLS. I don't have any imaps entry in my imapd.conf. > So could you all be a little bore verbose :-) > thanks for the help so far. > I mean that if you want to force encryption on users you need to use imaps. If you have imap + TLS it is up to the client to decide if it wants to upgrade the "clear text" connection to TLS. Disabling imap disallows connection of clients and sending clear text passwords on the wire :) You may consider (not technically 100% accurate): imaps=imap+TLS_always_on. And Carsten has already shown you how to enable imaps in imapd.conf. Hope it makes things more clear ;) Regards, Olaf -- Olaf Fraczyk <olaf@xxxxxxx> NAVI ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
