> Import defaults to unencrypted, at least for me. Import and srv > *should* default to TLS but it's not implemented. SSL is implemented > for import but it's not the default.
Yes, but like you said earlier, it's SSLv2, not SSLv3. However, pushtls is here (even if not used anywhere) and it's easy to implement it. I recently added TLS support in exportfs, import and cpu, but it's not finished yet. The main difference between tlssrvtunnel and import is that tlssrvtunnel is using the TLS handshake protocol, while import is using a custom handshake protocol, without certificate handling. So it depends on what you want. -- David du Colombier
