On 26 May 2010, at 10:58, Rudy Gevaert wrote:

> On 02/11/2010 11:53 PM, Rich Wales wrote:
>> I'm running Cyrus 2.3.16 (with replication) between two Ubuntu servers.
>>
>> What do I have to do to make the "sync_client" application invoke STARTTLS
>> when it connects to "sync_server" on the other host?
>>
>> I can invoke TLS when I use the "synctest" program, but I can't seem to
>> figure out how to force "sync_client" to use TLS when actually replicating.
>>
>> The reason I'm assuming TLS is not happening is that when /var/log/syslog
>> records the "User logged in" events associated with replication, TLS is
>> not mentioned as part of the authentication mechanism in use.
>>
>> Right now, the lack of TLS is not a major issue because one of the servers
>> is connected to my LAN via a VPN link (so it's encrypted). But I still
>> want to know what I'm supposed to do in order for a TLS layer to happen.
>
> Has anybody been able to fix this?

Define "fix".

If you have allowplaintext set, there's no reason to use TLS.

If you don't have allowplaintext, there are bugs in 2.3.16 that prevent it from working. See:

https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3174

There are other configurations that don't work, either. For example, if you configure sync_client to use a list of mechs, those mechs aren't compared to the mechs offered by sync_server. See:

https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3093

If you have feedback on either of these, I'm listening and committing improvements. Maybe you're trying to get TLS while using some other form of strong crypto?

:wes

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html