[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] SSL & IMAP

Subject: Re: [cobalt-security] SSL & IMAP
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: Thu, 6 Dec 2001 21:29:01 +0300
Organization: Average
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 6 Dec 2001 10:33:09 -0700
"Curtis Ross" <Curtis_Ross@xxxxxx> wrote:

> Can anyone tell me how to implement SSL for IMAP. I've done some
> searching on the 'net and haven't found any clear explanation how to do
> it.

There are two approaches.  One is to install an "ssl wrapper", this is
an userspace proxy application that accepts SSL connections, converts
data and either passes it to another port on localhost, or as stdin
to a forked "real" application.  Examples of these are stunnel and
sslwrap (or was it sslwrapper?).

Another approach is to have SSL implemented in the "real" application.
This has an advantage that you have real peer address to check and to
put into logs.  UW imapd.2001 is an example of such application,
see ftp://ftp.cac.washington.edu/.

I personally prefer the second way.  But beware that UW imapd is known
to have had several security problems in the past.

Eugene

References:
- [cobalt-security] SSL & IMAP
  - From: Curtis Ross

Prev by Date: [cobalt-security] Re: Hacked, need to verify some files
Next by Date: Re: [cobalt-security] From Slackware To RaQ4r
Previous by thread: Re: [cobalt-security] SSL & IMAP
Next by thread: RE: [cobalt-security] SSL & IMAP

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index