Mailing List ecs-isp@2rosenthals.com Message #1053
From: "Peter Moylan" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
Date: Sat, 7 Dec 2024 13:54:20 +1100
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

On 07/12/24 06:48, Massimo S. wrote:

> I forgot to write that now I use LE also for popS (with stunnel) and
> finally I don't have any more issues with each update of Thunderbird
> that stops downloading any new mail if popS uses self-signed
> certificates

Of course my current work on TLS is intended for more than just the web
server. Once I'm satisfied that the new WebServe is working properly[1],
my next project will be to add TLS capability to Weasel, so you might be
able to stop using your current solution.

[1] Although it is working right now, it still needs improvements. For
example, it only supports three cipher suites (TLS_NULL_WITH_NULL_NULL,
TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA), and I
haven't yet implemented things that weren't needed for a typical TLS
handshake. For example, I haven't allowed for re-using the encryption
state from a previous session, because that doesn't do anything
necessary, it only makes the reconnection faster.

And I might have to alter the way I use certificates, after I see how
Let's Encrypt works. If, for example, it uses the OpenSSL method of
using a hash result as a file name, then that's a big problem. I have
not been able to emulate OpenSSL's method of generating a hash function,
despite trying all the permutations allowed in the specification of how
OpenSSL does it.

--
Peter Moylan                  peter@pmoylan.org
http://www.pmoylan.org
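
Added example, not part of the original message and not WebServe or OpenSSL code: a Python sketch of how OpenSSL 1.0.0 and later derive the hashed file name (`<hash>.0`) for a certificate in a CApath directory, following the behaviour of its X509_NAME_hash routine. It assumes single-valued RDNs and string-typed attribute values; the attribute table and function names are illustrative, and the sample subject is that of Let's Encrypt's ISRG Root X1 root.

```python
import hashlib
import re

# Last arc of the 2.5.4.x attribute-type OIDs (illustrative subset).
ATTR_ARC = {"C": 6, "ST": 8, "L": 7, "O": 10, "OU": 11, "CN": 3}
ASCII_WS = " \t\n\r\f\v"

def der(tag, body):
    """Encode one DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def canon_value(text):
    """Canonical form of a value: trim ASCII whitespace, collapse
    internal runs to one space, lowercase ASCII letters only."""
    text = re.sub("[" + ASCII_WS + "]+", " ", text.strip(ASCII_WS))
    return "".join(c.lower() if c.isascii() else c for c in text).encode("utf-8")

def subject_hash(rdns):
    """rdns: (attribute, value) pairs in certificate order.
    Returns the 8-hex-digit value of `openssl x509 -subject_hash`."""
    canon = b""
    for attr, value in rdns:
        oid = der(0x06, bytes([0x55, 0x04, ATTR_ARC[attr]]))
        # Every string value is re-tagged as UTF8String (0x0C).
        atv = der(0x30, oid + der(0x0C, canon_value(value)))
        # Each RDN is a SET (0x31); the outer SEQUENCE header of the
        # Name is NOT included in the hashed bytes.
        canon += der(0x31, atv)
    digest = hashlib.sha1(canon).digest()
    # First four digest bytes, read as a little-endian 32-bit integer.
    return "%08x" % int.from_bytes(digest[:4], "little")

def hashed_filename(rdns, index=0):
    """File name in a CApath directory; index grows on hash collisions."""
    return "%s.%d" % (subject_hash(rdns), index)

# Subject of the ISRG Root X1 certificate.
ISRG_ROOT_X1 = [("C", "US"),
                ("O", "Internet Security Research Group"),
                ("CN", "ISRG Root X1")]

if __name__ == "__main__":
    print(hashed_filename(ISRG_ROOT_X1))
```

OpenSSL releases before 1.0.0 used a different, MD5-based hash (still available as `-subject_hash_old`), which this sketch does not cover.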