
Re: Reject requests on non-secure connections

Terry Gardner wrote:
> can the server be configured to reject all requests on that exception
> except for the StartTLS extended request in order to prevent clients from
> transmitting data in the clear?

Watch out for the configuration directives 'security' and 'sasl-secprops'.
You might want to set TLSCipherSuite to prevent a client from using a weak cipher
or crypto protocol.

But strictly speaking nothing prevents a misconfigured client from sending
clear-text credentials over the wire. Rejecting processing them only gives a
strong hint that this is not the desired behaviour...

Ciao, Michael.

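The three directives named in the reply, as an added slapd.conf sketch that is not part of the original message or the poster's own configuration. The strength value 128 and the cipher string are assumed choices, and the cipher string assumes a slapd built against OpenSSL.

```conf
# slapd.conf, global section. Constructed example; all values are assumptions.

# Weak baseline: with no 'security' directive, slapd processes binds,
# searches and updates that arrive on a plain ldap:// connection.

# Hardened: require an overall security strength factor (SSF) of at
# least 128 for operations, and the same strength for simple
# (DN + password) binds. A request on a connection below that strength
# is refused with the confidentialityRequired result; the StartTLS
# extended request is exempt from the check, so a client can still
# upgrade the connection and retry.
security ssf=128 simple_bind=128

# SASL binds: keep the default noanonymous,noplain flags and add a
# minimum acceptable strength factor.
sasl-secprops noanonymous,noplain,minssf=128

# Limit what a TLS handshake may negotiate (OpenSSL cipher-list syntax),
# so a successful StartTLS does not end up on a weak cipher.
TLSCipherSuite HIGH:!aNULL:!MD5

# Caveat from the reply above: none of this stops a misconfigured client
# from putting a password on the wire in a clear-text simple bind. slapd
# only refuses to process the request after it has been received.
```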