Article delegate-en/2803 of [1-5169] on the server localhost:119
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: SSLway on demand for STARTTLS (Re: SSLway / EHLO / STARTTLS)
25 Dec 2004 03:28:43 GMT (Yutaka Sato)
The DeleGate Project

On 12/20/04(08:07) you feedback@delegate.. (Yutaka Sato) wrote
in <_A2800@delegate-en.ML_>
 | |I agree that the implementation of STARTTLS in DeleGate should be
 | |neater, but I think it should be implemented in each protocol interpreter
 | |of each application protocol, as described in
 | |<URL:> (in Japanese,
 | |sorry) while keeping the code of SSLway as simple as possible.
 | |
 | |In this approach, we can realize "starting TLS coder (sslway) only when
 | |it is necessary", as realized in STARTTLS for FTP-data.  Also it will
 | |ease the replacement of SSLway with another simple TLS coder in future,
 | |like s_server/s_client of OpenSSL.
 | |So I extended "smtp.c" to support such "SSLway on demand" by extending
 | |the CMAP parameter.  It can be used as
 |I implemented this for STARTTLS in FTP-DeleGate too, thus you can wrap
 |FTP by SSL with

To make the interface simpler, I introduced the "STLS" parameter.
For any protocol supporting STARTTLS (FTP, SMTP, POP, IMAP), you can
enable STARTTLS with the following parameter.

  STLS=FCL   ... for STARTTLS with client
  STLS=FSV   ... for STARTTLS with server

 |The current snap-shot of DeleGate including this extension is uploaded
 |as 8.10.4-pre2.

The current snap-shot of DeleGate including this extension is uploaded
as 8.10.4-pre3.

  D G   Yutaka Sato <>
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

STLS parameter*     ==  STLS=stlsSpecs[,sslwayCom][:connMap]
         stlsSpecs  ==  [-]stlsSpec[/ssl][,stlsSpecs]
           stlsSpec ==  FSV | FCL
           connMap  ==  ProtoList:dstHostList:srcHostList
                    --  default: none
                    --  restriction: applicable to FTP, SMTP, POP, IMAP
                    --  required: SSLway

This parameter controls the initiation of SSL (TLS) based on a negotiation
between client and server in each application protocol. The common scheme of the
negotiation is known as "STARTTLS". "FSV" specifies using SSL with the server and
"FCL" specifies using SSL with the client. When SSL is not supported on a connection,
the STARTTLS negotiation will fail and the connection will be closed by default.
To continue a session even when SSL is not available, prefix "-" to "FSV" or "FCL".

            STLS="FCL" -- use SSL with client (exit the session if not available)
            STLS="-FCL" -- use SSL with client if available
            STLS="FSV,-FCL" -- use SSL with server, and with client if available
            STLS="FSV/ssl" SERVER="ftp" -- use AUTH SSL instead of AUTH TLS
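As an added illustration (not DeleGate's own code), the following hypothetical parser reads an STLS value according to the grammar above and reports, per side, whether a session ends up on TLS, falls back to plaintext, or is closed. The "-" prefix is the security-relevant switch: it permits a plaintext fallback when the peer does not offer STARTTLS, so the decision function makes that outcome explicit. It assumes the sslwayCom token contains no commas.

```python
import re
from dataclasses import dataclass

# Hypothetical parser for the STLS grammar documented above:
#   STLS=stlsSpecs[,sslwayCom][:connMap]
#   stlsSpecs == [-]stlsSpec[/ssl][,stlsSpecs]      stlsSpec == FSV | FCL
SPEC_RE = re.compile(r"^(-)?(FSV|FCL)(/ssl)?$")


@dataclass(frozen=True)
class StlsSpec:
    side: str         # "FSV": TLS toward the server; "FCL": TLS toward the client
    optional: bool    # "-" prefix: continue in plaintext if STARTTLS is unavailable
    legacy_ssl: bool  # "/ssl": FTP "AUTH SSL" instead of "AUTH TLS"


def parse_stls(value):
    """Parse the value of STLS=... into (specs, sslway_command, conn_map)."""
    body, _, conn_map = value.partition(":")   # connMap follows the first ':'
    specs, sslway_cmd = [], None
    for tok in body.split(","):
        m = SPEC_RE.match(tok)
        if m and sslway_cmd is None:
            specs.append(StlsSpec(m.group(2), m.group(1) == "-", m.group(3) == "/ssl"))
        elif tok and specs and sslway_cmd is None:
            sslway_cmd = tok                    # first non-spec token is sslwayCom
        else:
            raise ValueError("bad STLS token: %r" % tok)
    if not specs:
        raise ValueError("STLS needs at least one FSV/FCL spec")
    return specs, sslway_cmd, conn_map or None


def decide(specs, side, peer_supports_starttls):
    """Outcome for one side ("FSV" or "FCL"): 'tls', 'plain' or 'close'."""
    spec = next((s for s in specs if s.side == side), None)
    if spec is None:
        return "plain"       # STARTTLS was never requested for this side
    if peer_supports_starttls:
        return "tls"
    return "plain" if spec.optional else "close"   # "-" allows plaintext fallback


def plaintext_fallback_sides(value):
    """Audit helper: sides of an STLS value that may silently stay in plaintext."""
    specs, _, _ = parse_stls(value)
    return [s.side for s in specs if s.optional]
```

Configurations that pass an audit with an empty `plaintext_fallback_sides()` result close the session rather than downgrade when STARTTLS is refused.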
