On Fri, 23 Dec 2022 at 13:53, Jan Mojzis <jan.moj...@gmail.com> wrote:
> Hi,
>
> Tlswrapper (similar to stunnel) adds TLS encryption functionality to
> programs without modifying their code.
>
> The fundamental difference against stunnel is in the approach to security.
> Tlswrapper tries to defend against all possible bugs in the TLS library
> itself and tries to mitigate the impact of such a bug.
> ../..
> Example of how to use tlswrapper to protect mail protocols:
>
> - run dovecot IMAPS service on port 993, authorization using client certs,
> and run under user extracted from client certificate from commonName:
> tcpserver -HRDl0 0.0.0.0 993 \
> /usr/bin/tlswrapper -U commonName -f /etc/ssl/sslcert.pem -a /etc/ssl/ca.pem \
> /usr/lib/dovecot/imap
>
> - run old QMAIL qmail-smtpd SMTP service on port 25 with STARTTLS enabled
> (without patching QMAIL)
> tcpserver -HRDl0 0 25 \
> tlswrapper -v -n -f /etc/ssl/cert.pem \
> tlswrapper-smtp -v -u qmaild \
> qmail-smtpd
>
> In the example, tcpserver is used (from deb. package ucspi-tcp), but
> similarly it can be used from e.g. systemd/inetd/... etc.

The examples are interesting, maybe tlswrapper documentation should include them.

I can sponsor this, but I have a feeling that won't be accepted before freeze.
Let's see.

For the salsa repo: let's keep using yours for now, and see in which team it should go later.

Jérémy