On 1/14/19 11:02 AM, Stephan Bosch wrote:
Op 14-1-2019 om 9:58 schreef Dominik Menke:
On 1/13/19 12:23 PM, Stephan Bosch wrote:
With ssl=yes, the TLS layer is enabled immediately on the connection.
Again, that's not what the documentation says:
ssl=yes [...]: SSL/TLS is offered to the client, but the client
isn't required to use it.
If the client is not _required_ to use it, it _may_ chose plaintext
transport, no?
(I'm not here to argue, I'm just pointing out an issue with the wiki).
Oh, I think we are talking about different things here. You're talking
about the global ssl= setting. I am talking about the ssl = yes inside
the service listener configuration
(https://wiki.dovecot.org/Services#inet_listeners). The former specifies
whether SSL is available/required for user connections in general,
whereas the latter specifies whether the service activates the TLS layer
immediately for that particular listener. The latter is also where you
made the configuration mistake.
Oh, I see! Thanks for the clarification :-)
--Dominik
