Re: Force client to use TLS



As I mentioned, one could use an ACL for fine-grained control. I assume
you mean an IPv4 loopback interface? Perhaps base off of:

# first, make sure TLS or localhost
access to *
	by tls_ssf=1 none break
	by peername.ip="127.0.0.1" none break
	by * none

# "real" ACL(s) go here, something like
access to *
	by self write
	by users read
	by anonymous auth

On Sat, 1 Jul 2006, Thierry Lacoste wrote:

> > Or: security tls=1
> What if I want to force TLS except on the loopback interface?
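
Added example (not part of the original messages, and not OpenLDAP code): a simplified Python model of how slapd walks the two access directives in the reply above, showing why `break` lets TLS and loopback clients reach the second directive while plaintext remote clients stop at `none`. The `Conn` fields, the sample DNs and the `evaluate` helper are constructed for illustration, and only the `<who>` forms used in the message are modelled.

```python
# Simplified model of slapd access evaluation for the two directives above.
# Assumptions: both directives target "*"; identities and addresses are
# constructed sample values; tls_ssf=1 is treated as "SSF of at least 1".
from collections import namedtuple

# tls_ssf: 0 = plaintext, >0 = TLS strength; bound_dn: "" = anonymous
Conn = namedtuple("Conn", "tls_ssf peer_ip bound_dn")

# Each directive is an ordered list of (who-predicate, access level, control).
GATE = [
    (lambda c, e: c.tls_ssf >= 1,           "none", "break"),  # by tls_ssf=1
    (lambda c, e: c.peer_ip == "127.0.0.1", "none", "break"),  # by peername.ip
    (lambda c, e: True,                     "none", "stop"),   # by * none
]
REAL = [
    (lambda c, e: c.bound_dn != "" and c.bound_dn == e, "write", "stop"),  # self
    (lambda c, e: c.bound_dn != "",                     "read",  "stop"),  # users
    (lambda c, e: c.bound_dn == "",                     "auth",  "stop"),  # anonymous
]

def evaluate(conn, entry_dn, directives=(GATE, REAL)):
    """Return the access level this connection ends up with on entry_dn."""
    level = "none"
    for directive in directives:
        for who, granted, control in directive:
            if who(conn, entry_dn):
                level = granted      # the first matching "by" clause applies
                if control == "stop":
                    return level     # default control: evaluation ends here
                break                # "break": go on to the next directive
        else:
            return "none"            # implicit trailing "by * none stop"
    return level

if __name__ == "__main__":
    alice = "uid=alice,dc=example,dc=com"   # constructed sample DN
    for conn in (Conn(128, "192.0.2.10", alice),   # TLS, remote
                 Conn(0, "127.0.0.1", alice),      # plaintext, loopback
                 Conn(0, "192.0.2.10", "")):       # plaintext, remote
        print(conn, "->", evaluate(conn, alice))
```

A plaintext remote client is left with `none` (not even `auth`), so its simple bind fails; the ACL is evaluated on the server, so by that point the client has already sent its credentials unencrypted.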