[Remops] 'kreti' back online

Steve Crook steve at mixmin.net
Mon Oct 7 16:55:10 BST 2013


On Mon, Oct 07, 2013 at 10:32:58AM -0400, Tom Ritter wrote:
> On 7 October 2013 06:18, Yamashi Tanaka <yamashi at hoi-polloi.org> wrote:
> 
>  Hm. A (1 year old) survey of inbound TLS support on mixmaster nodes is at
> http://www.noreply.org/tls/ - a lot of them are listed as supporting DHE.

Here's a more recent copy:-
http://www.mixmin.net/tls/
(All credit to the author, I'm just running the app and publishing the
results.)

> A more methodical test may reveal they are unable (or unwilling) to
> negotiate TLS (or certain ciphersuites) on outbound connections.  (This may
> be the smtps column, which very few servers support)

The SMTPS column refers to SSL connections on port 465 (aka ssmtp).
This predates the STARTTLS method and is usually only provided for
legacy support.

MTAs advertising STARTTLS capabilities should inform the connecting
client and a secure connection is then negotiated between them.  Not all
remailer MTAs support this capability though so enforcing it would
probably result in some broken chains.
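
The point about enforcement breaking chains, worked through as an added example that is not part of the original post or of the survey application it links to. The hostnames and EHLO replies are constructed, and `chain_outcome` with its `require_tls` flag is a hypothetical helper, not a Mixmaster or MTA setting.

```python
import re

EHLO_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def ehlo_extensions(reply):
    """Return the ESMTP keywords advertised in a multi-line EHLO reply (RFC 5321)."""
    exts = set()
    for i, line in enumerate(reply.strip().splitlines()):
        m = EHLO_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        _, sep, text = m.groups()
        # The first line carries the server's domain/greeting, not an extension.
        if i > 0 and text:
            exts.add(text.split()[0].upper())  # keywords are case-insensitive
        if sep == " ":
            break  # "250 " (space) marks the final line of the reply
    return exts

def chain_outcome(chain, replies, require_tls):
    """Walk the hops in order; return (delivered, [(hop, status), ...])."""
    report = []
    for hop in chain:
        if "STARTTLS" in ehlo_extensions(replies[hop]):
            report.append((hop, "tls"))
        elif require_tls:
            report.append((hop, "refused"))  # sender will not fall back
            return False, report             # the chain breaks at this hop
        else:
            report.append((hop, "plaintext"))
    return True, report

# Constructed EHLO replies for three hypothetical remailer MTAs.
REPLIES = {
    "mix-a.example": "250-mix-a.example\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
                     "250-STARTTLS\r\n250 8BITMIME\r\n",
    "mix-b.example": "250-mix-b.example\r\n250-PIPELINING\r\n250 8BITMIME\r\n",
    "mix-c.example": "250-mix-c.example Hello\r\n250-starttls\r\n250 HELP\r\n",
}
CHAIN = ["mix-a.example", "mix-b.example", "mix-c.example"]

if __name__ == "__main__":
    for policy in (False, True):
        ok, report = chain_outcome(CHAIN, REPLIES, require_tls=policy)
        print("require_tls =", policy, "delivered =", ok, report)
```

This checks only what each MTA advertises; it says nothing about whether the handshake succeeds or which cipher suite is negotiated.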