Thanks Patrick. I wonder if I inadvertently compiled out support for TLS when I built my binaries. I’ll try it again with the stock binaries rather than my patched ones.

> On 8 Nov 2019, at 22:42, Patrick Boutilier <boutilpj@xxxxxxxxxxx> wrote:
>
> Odd, works here.
>
> telnet localhost 2005
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> * SASL PLAIN
> * STARTTLS
> * COMPRESS DEFLATE
> * OK domain Cyrus sync server v2.4.20
> STARTTLS
> OK Begin TLS negotiation now
>
>> On 11/8/19 2:12 AM, Deborah Pickett wrote:
>> ... or do I need to establish my own SSH tunnel from master to backup server?
>>
>> I've set up my dedicated Cyrus backup server with tls_server_cert and tls_server_key, and when I connect to port 2005 I see that STARTTLS is offered:
>>
>> # nc localhost 2005
>> * SASL PLAIN LOGIN DIGEST-MD5
>> * STARTTLS
>> * COMPRESS DEFLATE
>> * OK rsync Cyrus backup server 3.0.11-Debian-3.0.11-1~bpo10+1
>> STARTTLS
>> NO command not implemented
>>
>> But as shown, the STARTTLS command from the client is rejected.
>>
>> I believe that DIGEST-MD5 gives me some level of privacy (sync_test reports a security strength factor of 128) even without TLS?