Answering my own question:
... or do I need to establish my own SSH tunnel from master to backup
server?
I do have to supply my own tunnel. The Cyrus backup daemon currently
(3.1.7) doesn't support the STARTTLS command.
if (!strcmp(cmd.s, "Starttls") && tls_enabled()) {
prot_printf(backupd_out, "NO command not implemented\r\n");
eatline(backupd_in, c);
continue;
}
Source:
https://github.com/cyrusimap/cyrus-imapd/blob/master/backup/backupd.c#L715
Patrick: you are running the Cyrus sync server on port 2005, which does
support TLS. That's not the same as the backup server (at least in the
3.x.x tree). Note the difference in the OK line from the server.
--
*Deborah Pickett*
System Administrator
*Polyfoam Australia Pty Ltd*
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
