Search found 7 matches

by myname
2014-09-14 19:30
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

I just can think of when you will create a new version in VS why not use "SslStream Class" instead of openssl. https://www.simple-talk.com/dotnet/.net-framework/tlsssl-and-.net-framework-4.0/ http://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.100).aspx Think of it, please, on...
by myname
2014-09-14 17:45
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

Martin, according to me, it's like this. DH file should be 2048 bytes big. Just be generated only once since it is not used as a prime number, but the base for generator of prime numbers. Of course may be somewhere in the item advaced security menu button regenerate DH file. But it then I think, tha...
by myname
2014-09-13 16:52
Forum: Off-topic discussions
Topic: I am New.
Replies: 20
Views: 7296

Re: I am New.

Hello I am new too
by myname
2014-09-13 16:48
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

Perfect Forward Secrecy is need to leave connection private. For example: http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html But I rather it was a this. According to me indicates a problem in the implementation of TLS in hMailServer when going message sending PFS works but not wh...
by myname
2014-09-13 16:02
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

First of all I would like to thank you for the 2074 version where STARTTLS already works ! But Ehych is right in saying that you can not use any "DH" for the connection to hMailServer. So if the window SSL / TLS ciphers sets cipher containing any "DH" the connection fails: openssl s_client -connect ...
by myname
2014-08-30 14:41
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

So you think that if the recipient mailserver certificate is untrusted to not encrypt the transmission is better? It's just that takle no one else in the world does not. If you accept the view that it is better to encrypt the transmission over unverified certificate then you not need to figure out h...
by myname
2014-08-28 22:25
Forum: Development & alpha discussions
Topic: STARTTLS feedback?
Replies: 157
Views: 64058

Re: STARTTLS feedback?

1) Do not use validation certificate trust for STARTTLS. At least not as a default option. You are probably the only one in the world who use for STARTTLS certificate validation requires. You are on very thin ice. In the current version is function STARTTLS in hMailServer with this condition rather ...