* TLS smpt encryption
From: Phillip Lord @ 2006-09-04 10:41 UTC

I've been having problems getting tls working with SMTP. I think that
there are failings in both the code base and the documentation for
the code base that are making this problem much harder.

First, the defaults. To use TLS, you have to reconfigure things like
the ports manually, and have to do so in multiple places.

So, for example, from the smtpmail documentation.....

;;(setq send-mail-function 'smtpmail-send-it) ; if you use `mail'
;;(setq message-send-mail-function 'smtpmail-send-it) ; if you use message/Gnus
;;(setq smtpmail-default-smtp-server "YOUR SMTP HOST")
;;(setq smtpmail-local-domain "YOUR DOMAIN NAME")
;;(setq smtpmail-sendto-domain "YOUR DOMAIN NAME")
;;(setq smtpmail-debug-info t) ; only to debug problems
;;(setq smtpmail-auth-credentials ; or use ~/.authinfo
;;      '(("YOUR SMTP HOST" 25 "username" "password")))
;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))

Now authentication mail often uses a different port. So you have to
change this. But this is done in smtpmail-smtp-service. The 25's in
auth-credentials are only used to determine which credentials should
be used.

Confusing. I don't know what the standards are, but most mail readers
you just click "SSL/TLS encryption" and the ports get set, or guessed,
automatically.

Second, the documentation. Take...

;;(setq smtpmail-starttls-credentials
;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))

So, what's .my_smtp_tls.key then? Where does it come from? How do I get
it? Can I use gnutls to generate it? I have no idea at all. Further
investigation suggests that actually you can leave this blank, and it
should still work.

Third, it would be nice if the documentation made clear that "TLS"
appears to be the same thing as "SSL" -- at least in the context of
SMTP servers. I was under the impression for a number of months that I
could not use encryption for SMTP as our local server requires SSL,
which smtpmail doesn't do. Actually, it uses TLS. Some documentation
saying "if you are required to use SSL, this is probably what you
want".

Finally, it doesn't seem to work on windows. I spent three hours with
a debugger a couple of days ago -- I figured this was the only way to
see if I had the configuration right. It appears that starttls.el uses
Unix specific process handling, so won't work with NTEmacs. I've been
told that you can get this working with cygwin by calling out to
kill.exe which works around the problem. Bit ugly! I realise that
fixing this properly may take some time, but updating the
documentation would be relatively quick!

At the moment, I have access to a non TLS based stream, but this isn't
going to last for ever. I suspect that many people are in the same
boat.

Thanks for your time!

Phil

* Re: TLS smpt encryption
From: Simon Josefsson @ 2006-09-06 9:17 UTC
Cc: emacs-devel

Phillip Lord <phillip.lord@newcastle.ac.uk> writes:

> I've been having problems getting tls working with SMTP. I think that
> there are failings in both the code base and the documentation for
> the code base that are making this problem much harder.
>
> First, the defaults. To use TLS, you have to reconfigure things like
> the ports manually, and have to do so in multiple places.

The supported way to use TLS is NOT to use another port.

The recommended practice since 1999, and probably before that, when
RFC 2487 came out, is to use port 25 and use STARTTLS on that port.

Emacs does not support 'ssmtp' aka 'smtps' on port 465. From what I
can recall, nobody has ever asked for that feature either, so this
doesn't seem widely deployed.

> So, for example, from the smtpmail documentation.....
>
> ;;(setq send-mail-function 'smtpmail-send-it) ; if you use `mail'
> ;;(setq message-send-mail-function 'smtpmail-send-it) ; if you use message/Gnus
> ;;(setq smtpmail-default-smtp-server "YOUR SMTP HOST")
> ;;(setq smtpmail-local-domain "YOUR DOMAIN NAME")
> ;;(setq smtpmail-sendto-domain "YOUR DOMAIN NAME")
> ;;(setq smtpmail-debug-info t) ; only to debug problems
> ;;(setq smtpmail-auth-credentials ; or use ~/.authinfo
> ;;      '(("YOUR SMTP HOST" 25 "username" "password")))
> ;;(setq smtpmail-starttls-credentials
> ;;      '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))
>
> Now authentication mail often uses a different port.

Typically, no.

> So you have to change this. But this is done in
> smtpmail-smtp-service. The 25's in auth-credentials are only used to
> determine which credentials should be used.

Right, and you could have multiple credentials, for different ports.

> Confusing. I don't know what the standards are, but most mail
> readers you just click "SSL/TLS encryption" and the ports get set,
> or guessed, automatically.

Again, most programs use the same port.

> Second, the documentation. Take... > > ;;(setq smtpmail-starttls-credentials > ;; '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert"))) > > > So, whats .my_smtp_tls.key then? Where does it come from? How do I get > it? Can I use gnutls to generate it? I have no idea at all. Further > investigation suggests that actually you can leave this blank, and it > should still work. Did you read the Emacs SMTP Manual? An old copy is available from: http://josefsson.org/smtpmail.html But it is also part of Emacs. If you don't have a X.509 certificate/key pair, you can leave those fields empty. You can generate them using GnuTLS, but you need the server admin to recognize your certificate as well. Typically you don't need client authentication using TLS. The documentation for the variable seem sub-optimal here, so I have installed this change: --- smtpmail.el 15 Feb 2006 10:22:36 +0100 1.84 +++ smtpmail.el 06 Sep 2006 11:07:47 +0200 
@@ -176,7 +176,12 @@ (defcustom smtpmail-starttls-credentials '(("" 25 "" "")) "Specify STARTTLS keys and certificates for servers. This is a list of four-element list with `servername' (a string), -`port' (an integer), `key' (a filename) and `certificate' (a filename)." +`port' (an integer), `key' (a filename) and `certificate' (a +filename). +If you do not have a certificate/key pair, leave the `key' and +`certificate' fields as `nil'. A key/certificate pair is only +needed if you want to use X.509 client authenticated +connections." :type '(repeat (list (string :tag "Server") (integer :tag "Port") (file :tag "Key") > Third, it would be nice if the documentation made clear that "TLS" > appears to be the same thing as "SSL" -- at least in the context of > SMTP servers. I was under the impression for a number of months that I > could not use encryption for SMTP as our local server requires SSL, > which smtpmail doesn't do. Actually, it uses TLS. Some documentation > saying "if you are required to use SSL, this is probably what you > want". SSL is an earlier version of TLS, but they are compatible. SMTP uses TLS, but people often incorrect call it SSL. I modified the Emacs SMTP Manual to mention SSL: Index: smtpmail.texi =================================================================== RCS file: /sources/emacs/emacs/man/smtpmail.texi,v retrieving revision 1.13 retrieving revision 1.14 diff -u -p -r1.13 -r1.14 --- smtpmail.texi 5 Feb 2006 22:41:31 -0000 1.13 +++ smtpmail.texi 6 Sep 2006 09:10:43 -0000 1.14 @@ -209,6 +209,8 @@ The following example illustrates what y @cindex CRAM-MD5 @cindex LOGIN @cindex STARTTLS +@cindex TLS +@cindex SSL Many environments require SMTP clients to authenticate themselves before they are allowed to route mail via a server. The two following variables contains the authentication information needed for this. 
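
Review bot: In the smtpmail.el docstring hunk (@@ -176), the added text tells users to leave the `key' and `certificate' fields as `nil', but the default value in the same defcustom is '(("" 25 "" "")), which uses empty strings, and the key field's widget type is `file'. State which form the code accepts, or name both ("as `nil' or the empty string"), so the docstring agrees with the default the user is shown. While the docstring is being edited, the context line "a list of four-element list" could become "a list of four-element lists".
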
@@ -220,10 +222,10 @@ that order if the server support both. The second variable, @code{smtpmail-starttls-credentials}, instructs the SMTP library to connect to the server using STARTTLS. This means the protocol exchange may be integrity protected and confidential by -using TLS, and optionally also authentication of the client. This -feature uses the elisp package @file{starttls.el} (see it for more -information on customization), which in turn require that at least one -of the following external tools are installed: +using TLS, also known as SSL, and optionally also authentication of +the client. This feature uses the elisp package @file{starttls.el} +(see it for more information on customization), which in turn require +that at least one of the following external tools are installed: @enumerate @item > Finally, it doesn't seem to work on windows. I spent three hours with > a debugger a couple of days ago -- I figured this was the only way to > see if I had the configuration right. It appears that starttls.el uses > Unix specific process handling, so won't work with NTEmacs. I've been > told that you can get this working with cygwin by calling out to > kill.exe which works around the problem. Bit ugly! I realise that > fixing this properly may take some time, but updating the > documentation would be relatively quick! I've seen it suggested that people have had success on Windows using the starttls binary instead of gnutls-cli. But I don't really know what works under Windows, so I don't know how to improve things here. > At the moment, I have access to a non TLS based stream, but this isn't > going to last for ever. I suspect that many people are in the same > boat. Right. Many people have migrated to SMTP over TLS already. /Simon ^ permalink raw reply [flat|nested] 5+ messages in thread
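
Review bot: In the @@ -220 hunk of smtpmail.texi, "using TLS, also known as SSL" presents the two names as synonyms, while the message that carries the patch describes SSL as an earlier version of TLS. Wording such as "using TLS (the successor to SSL)" keeps SSL findable in the manual without equating the two. The rewrapped sentence also retains "which in turn require that at least one of the following external tools are installed"; "requires" and "is installed" would be correct.
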
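
The port-25 STARTTLS upgrade described in the reply above, as an added example that is not part of the original message and is not code from smtpmail.el: it parses a constructed EHLO reply and plans the client's next commands, looking up credentials by server and port in a table shaped like `smtpmail-starttls-credentials`. The host names, sample replies, function names and the "never fall back to plaintext" policy are assumptions made for this illustration.

```python
# Added illustration: constructed data and hypothetical names throughout.

# Constructed EHLO reply from a hypothetical server on port 25.
SAMPLE_EHLO = (
    "250-mail.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH CRAM-MD5 LOGIN\r\n"
    "250 8BITMIME\r\n"
)
# The same constructed reply from a server that does not offer STARTTLS.
SAMPLE_EHLO_NO_TLS = SAMPLE_EHLO.replace("250-STARTTLS\r\n", "")

# Same shape as smtpmail-starttls-credentials: (server, port, key, cert).
# Empty key/cert means "use STARTTLS without a client certificate".
STARTTLS_CREDENTIALS = [
    ("mail.example.org", 25, "", ""),
    ("relay.example.org", 25, "~/.my_smtp_tls.key", "~/.my_smtp_tls.cert"),
]


class SmtpPolicyError(Exception):
    """Raised when the session must not continue."""


def parse_ehlo(reply):
    """Parse a multi-line EHLO reply into (code, {KEYWORD: [params]})."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        is_last = index == len(lines) - 1
        if len(code) != 3 or not code.isdigit():
            raise ValueError("bad reply code in %r" % line)
        # "250-" marks a continuation line, "250 " the final line.
        if (sep == "-") == is_last or sep not in ("-", " ", ""):
            raise ValueError("bad continuation marker in %r" % line)
        if code != lines[0][:3]:
            raise ValueError("reply code changes mid-reply")
        if index > 0 and rest.strip():  # line 0 is the server greeting
            keyword, *params = rest.split()
            extensions[keyword.upper()] = params
    return int(lines[0][:3]), extensions


def find_credentials(server, port, table=STARTTLS_CREDENTIALS):
    """Return (key, cert) for the entry matching server AND port, else None.

    The port here is only a lookup key, as the thread describes; the port
    actually connected to is passed in by the caller.
    """
    for host, entry_port, key, cert in table:
        if host.lower() == server.lower() and entry_port == port:
            return key or None, cert or None
    return None


def plan_upgrade(server, port, ehlo_reply, table=STARTTLS_CREDENTIALS):
    """Return the steps the client takes before it may authenticate."""
    code, extensions = parse_ehlo(ehlo_reply)
    if code != 250:
        raise SmtpPolicyError("EHLO rejected with %d" % code)
    creds = find_credentials(server, port, table)
    if creds is None:
        return []  # no STARTTLS entry for this server/port
    if "STARTTLS" not in extensions:
        # Policy of this example: an entry exists, so never fall back.
        raise SmtpPolicyError("STARTTLS configured but not offered")
    key, cert = creds
    mode = "with client certificate" if key and cert else "server-authenticated only"
    # After the handshake the client sends EHLO again and uses that reply.
    return ["STARTTLS", "<TLS handshake, %s>" % mode, "EHLO"]


def choose_auth(extensions, supported=("CRAM-MD5", "LOGIN")):
    """Pick the first offered mechanism, CRAM-MD5 before LOGIN."""
    offered = {m.upper() for m in extensions.get("AUTH", [])}
    for mechanism in supported:
        if mechanism in offered:
            return mechanism
    return None


if __name__ == "__main__":
    print(plan_upgrade("mail.example.org", 25, SAMPLE_EHLO))
    print(choose_auth(parse_ehlo(SAMPLE_EHLO)[1]))
```

Looking up `("mail.example.org", 587)` in this table returns nothing, which is the mismatch that arises when the connection port is changed but the 25 in the credentials entry is not.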
* Re: TLS smpt encryption 2006-09-06 9:17 ` Simon Josefsson @ 2006-09-06 12:07 ` Phillip Lord 2006-09-11 14:00 ` Simon Josefsson 0 siblings, 1 reply; 5+ messages in thread 
From: Phillip Lord @ 2006-09-06 12:07 UTC (permalink / raw) >>>>> "SJ" == Simon Josefsson <jas@extundo.com> writes: >> First, the defaults. To use TLS, you have to reconfigure things >> like the ports manually, and have to do so in multiple places. SJ> The supported way to use TLS is NOT to use another port. SJ> The recommended practice since 1999, and probably before that, SJ> when RFC 2487 came out, is to use port 25 and use STARTTLS on SJ> that port. I am sure that you are correct about the RFC's. Maybe, you are correct about peoples use of ports as well, I don't know as I have a limited number of mail servers to try out on. All I can say is that anything which makes the task of connecting easier, including best guess hueristics on port numbers. SJ> Typically, no. >> So you have to change this. But this is done in >> smtpmail-smtp-service. The 25's in auth-credentials are only used >> to determine which credentials should be used. SJ> Right, and you could have multiple credentials, for different SJ> ports. Of course, I understand that the system as you have it set up offers more flexibility and that this is a good thing. However, the duplication of port numbers in general is confusing. You have said, after all, that in general people use the same port. >> Confusing. I don't know what the standards are, but most mail >> readers you just click "SSL/TLS encryption" and the ports get >> set, or guessed, automatically. SJ> Again, most programs use the same port. >> Second, the documentation. Take... >> >> ;;(setq smtpmail-starttls-credentials >> ;; '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" >> ;; "~/.my_smtp_tls.cert"))) >> >> >> So, whats .my_smtp_tls.key then? Where does it come from? How do >> I get it? Can I use gnutls to generate it? I have no idea at >> all. Further investigation suggests that actually you can leave >> this blank, and it should still work. SJ> Did you read the Emacs SMTP Manual? 
An old copy is available SJ> from: SJ> http://josefsson.org/smtpmail.html Yes. My comments about the documentation come as a result of reading it. I would not have commented on had I not done so. From my reading of this what the certificates used in smtpmail-starttls-credentials actually are is not described. Hence the confusion. SJ> But it is also part of Emacs. SJ> If you don't have a X.509 certificate/key pair, you can leave SJ> those fields empty. You can generate them using GnuTLS, but you SJ> need the server admin to recognize your certificate as well. SJ> Typically you don't need client authentication using TLS. SJ> The documentation for the variable seem sub-optimal here, so I SJ> have installed this change: SJ> --- smtpmail.el 15 Feb 2006 10:22:36 +0100 1.84 SJ> +++ smtpmail.el 06 Sep 2006 11:07:47 +0200 SJ> 
@@ -176,7 +176,12 @@ SJ> (defcustom smtpmail-starttls-credentials '(("" 25 "" "")) SJ> "Specify STARTTLS keys and certificates for servers. SJ> This is a list of four-element list with `servername' (a SJ> string), SJ> -`port' (an integer), `key' (a filename) and `certificate' (a SJ> filename)." +`port' (an integer), `key' (a filename) and SJ> `certificate' (a +filename). +If you do not have a SJ> certificate/key pair, leave the `key' and +`certificate' fields SJ> as `nil'. A key/certificate pair is only +needed if you want to SJ> use X.509 client authenticated +connections." SJ> :type '(repeat (list (string :tag "Server") SJ> (integer :tag "Port") (file :tag "Key") Thank you, this is much clear. >> Third, it would be nice if the documentation made clear that >> "TLS" appears to be the same thing as "SSL" -- at least in the >> context of SMTP servers. I was under the impression for a number >> of months that I could not use encryption for SMTP as our local >> server requires SSL, which smtpmail doesn't do. Actually, it uses >> TLS. Some documentation saying "if you are required to use SSL, >> this is probably what you want". SJ> SSL is an earlier version of TLS, but they are compatible. SMTP SJ> uses TLS, but people often incorrect call it SSL. I modified SJ> the Emacs SMTP Manual to mention SSL: SJ> Index: smtpmail.texi SJ> =================================================================== SJ> RCS file: /sources/emacs/emacs/man/smtpmail.texi,v retrieving SJ> revision 1.13 retrieving revision 1.14 diff -u -p -r1.13 -r1.14 SJ> --- smtpmail.texi 5 Feb 2006 22:41:31 -0000 1.13 SJ> +++ smtpmail.texi 6 Sep 2006 09:10:43 -0000 1.14 SJ> 
@@ -209,6 +209,8 @@ The following example illustrates what y SJ> @cindex CRAM-MD5 @cindex LOGIN @cindex STARTTLS SJ> +@cindex TLS +@cindex SSL SJ> Many environments require SMTP clients to authenticate SJ> themselves before they are allowed to route mail via a server. SJ> The two following variables contains the authentication SJ> information needed for this. SJ> 
@@ -220,10 +222,10 @@ that order if the server support both. SJ> The second variable, @code{smtpmail-starttls-credentials}, SJ> instructs the SMTP library to connect to the server using SJ> STARTTLS. This means the protocol exchange may be integrity SJ> protected and confidential by SJ> -using TLS, and optionally also authentication of the client. SJ> This -feature uses the elisp package @file{starttls.el} (see it SJ> for more -information on customization), which in turn require SJ> that at least one -of the following external tools are SJ> installed: +using TLS, also known as SSL, and optionally also SJ> authentication of +the client. This feature uses the elisp SJ> package @file{starttls.el} +(see it for more information on SJ> customization), which in turn require +that at least one of the SJ> following external tools are installed: SJ> @enumerate @item I would modify this a bit -- TLS and SSL are not the same thing as you suggest. I would say explicitly what you have just described to me. This means the protocol exchange may be integrity protected and confidential by using TLS, and optionally also authentication of the client. TLS is a secure, encrypted communication method which is compatible with SSL. In most cases where the system admins say that "SSL is required", TLS will work. >> Finally, it doesn't seem to work on windows. I spent three hours >> with a debugger a couple of days ago -- I figured this was the >> only way to see if I had the configuration right. It appears that >> starttls.el uses Unix specific process handling, so won't work >> with NTEmacs. I've been told that you can get this working with >> cygwin by calling out to kill.exe which works around the >> problem. Bit ugly! I realise that fixing this properly may take >> some time, but updating the documentation would be relatively >> quick! SJ> I've seen it suggested that people have had success on Windows SJ> using the starttls binary instead of gnutls-cli. 
But I don't SJ> really know what works under Windows, so I don't know how to SJ> improve things here. The problem is with your process handling. (signal-process (process-id process) 'SIGALRM) wont work. If you are using the cygwin gnutls, then this can be faked using "kill" directly, but NTEmacs cannot send this signal, at least to my knowledge. I might try starttls, but in general, its easier to have as few extraneous binaries as possible, hence the desire to use If TLS is compatible with SSL, would it not possible to use the SSL binaries. As I say, the IMAP code works fine using SSL? >> At the moment, I have access to a non TLS based stream, but this >> isn't going to last for ever. I suspect that many people are in >> the same boat. SJ> Right. Many people have migrated to SMTP over TLS already. Yep. Once everwhere goes, I can no longer send email with emacs. I spent 6 months on outlook this year and the experience was, er, less than optimal, shall I say. Phil ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: TLS smpt encryption 2006-09-06 12:07 ` Phillip Lord @ 2006-09-11 14:00 ` Simon Josefsson 2006-09-11 14:42 ` Phillip Lord 0 siblings, 1 reply; 5+ messages in thread 
From: Simon Josefsson @ 2006-09-11 14:00 UTC (permalink / raw) Cc: emacs-devel Phillip Lord <phillip.lord@newcastle.ac.uk> writes: >>>>>> "SJ" == Simon Josefsson <jas@extundo.com> writes: > > > >> First, the defaults. To use TLS, you have to reconfigure things > >> like the ports manually, and have to do so in multiple places. > > SJ> The supported way to use TLS is NOT to use another port. > > SJ> The recommended practice since 1999, and probably before that, > SJ> when RFC 2487 came out, is to use port 25 and use STARTTLS on > SJ> that port. > > I am sure that you are correct about the RFC's. Maybe, you are correct > about peoples use of ports as well, I don't know as I have a limited > number of mail servers to try out on. All I can say is that anything > which makes the task of connecting easier, including best guess > hueristics on port numbers. Right. > SJ> Typically, no. > > >> So you have to change this. But this is done in > >> smtpmail-smtp-service. The 25's in auth-credentials are only used > >> to determine which credentials should be used. > > SJ> Right, and you could have multiple credentials, for different > SJ> ports. > > Of course, I understand that the system as you have it set up offers > more flexibility and that this is a good thing. However, the > duplication of port numbers in general is confusing. You have said, > after all, that in general people use the same port. Yup. > >> Confusing. I don't know what the standards are, but most mail > >> readers you just click "SSL/TLS encryption" and the ports get > >> set, or guessed, automatically. > > SJ> Again, most programs use the same port. > > >> Second, the documentation. Take... > >> > >> ;;(setq smtpmail-starttls-credentials > >> ;; '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" > >> ;; "~/.my_smtp_tls.cert"))) > >> > >> > >> So, whats .my_smtp_tls.key then? Where does it come from? How do > >> I get it? Can I use gnutls to generate it? I have no idea at > >> all. 
Further investigation suggests that actually you can leave > >> this blank, and it should still work. > > SJ> Did you read the Emacs SMTP Manual? An old copy is available > SJ> from: > > SJ> http://josefsson.org/smtpmail.html > > Yes. My comments about the documentation come as a result of reading > it. I would not have commented on had I not done so. From my reading > of this what the certificates used in smtpmail-starttls-credentials > actually are is not described. Hence the confusion. Ok. A complete discussion of X.509 and certificates (a complex topic!) is not appropriate, but a shorter explanation may be useful. Patches welcome... > SJ> But it is also part of Emacs. > > SJ> If you don't have a X.509 certificate/key pair, you can leave > SJ> those fields empty. You can generate them using GnuTLS, but you > SJ> need the server admin to recognize your certificate as well. > SJ> Typically you don't need client authentication using TLS. > > SJ> The documentation for the variable seem sub-optimal here, so I > SJ> have installed this change: > > SJ> --- smtpmail.el 15 Feb 2006 10:22:36 +0100 1.84 > SJ> +++ smtpmail.el 06 Sep 2006 11:07:47 +0200 > SJ> 
@@ -176,7 +176,12 @@ > SJ> (defcustom smtpmail-starttls-credentials '(("" 25 "" "")) > SJ> "Specify STARTTLS keys and certificates for servers. > SJ> This is a list of four-element list with `servername' (a > SJ> string), > SJ> -`port' (an integer), `key' (a filename) and `certificate' (a > SJ> filename)." +`port' (an integer), `key' (a filename) and > SJ> `certificate' (a +filename). +If you do not have a > SJ> certificate/key pair, leave the `key' and +`certificate' fields > SJ> as `nil'. A key/certificate pair is only +needed if you want to > SJ> use X.509 client authenticated +connections." > SJ> :type '(repeat (list (string :tag "Server") > SJ> (integer :tag "Port") (file :tag "Key") > > > Thank you, this is much clear. Ok. > >> Third, it would be nice if the documentation made clear that > >> "TLS" appears to be the same thing as "SSL" -- at least in the > >> context of SMTP servers. I was under the impression for a number > >> of months that I could not use encryption for SMTP as our local > >> server requires SSL, which smtpmail doesn't do. Actually, it uses > >> TLS. Some documentation saying "if you are required to use SSL, > >> this is probably what you want". > > SJ> SSL is an earlier version of TLS, but they are compatible. SMTP > SJ> uses TLS, but people often incorrect call it SSL. I modified > SJ> the Emacs SMTP Manual to mention SSL: > > SJ> Index: smtpmail.texi > SJ> =================================================================== > SJ> RCS file: /sources/emacs/emacs/man/smtpmail.texi,v retrieving > SJ> revision 1.13 retrieving revision 1.14 diff -u -p -r1.13 -r1.14 > SJ> --- smtpmail.texi 5 Feb 2006 22:41:31 -0000 1.13 > SJ> +++ smtpmail.texi 6 Sep 2006 09:10:43 -0000 1.14 > SJ> 
@@ -209,6 +209,8 @@ The following example illustrates what y > SJ> @cindex CRAM-MD5 @cindex LOGIN @cindex STARTTLS > SJ> +@cindex TLS +@cindex SSL > SJ> Many environments require SMTP clients to authenticate > SJ> themselves before they are allowed to route mail via a server. > SJ> The two following variables contains the authentication > SJ> information needed for this. > SJ> @@ -220,10 +222,10 @@ that order if the server support both. > SJ> The second variable, @code{smtpmail-starttls-credentials}, > SJ> instructs the SMTP library to connect to the server using > SJ> STARTTLS. This means the protocol exchange may be integrity > SJ> protected and confidential by > SJ> -using TLS, and optionally also authentication of the client. > SJ> This -feature uses the elisp package @file{starttls.el} (see it > SJ> for more -information on customization), which in turn require > SJ> that at least one -of the following external tools are > SJ> installed: +using TLS, also known as SSL, and optionally also > SJ> authentication of +the client. This feature uses the elisp > SJ> package @file{starttls.el} +(see it for more information on > SJ> customization), which in turn require +that at least one of the > SJ> following external tools are installed: > > SJ> @enumerate @item > > > > I would modify this a bit -- TLS and SSL are not the same thing as you > suggest. I would say explicitly what you have just described to me. > > This means the protocol exchange may be integrity protected and > confidential by using TLS, and optionally also authentication of the > client. > > TLS is a secure, encrypted communication method which is compatible > with SSL. In most cases where the system admins say that "SSL is > required", TLS will work. I have installed this patch. --- smtpmail.texi 06 Sep 2006 11:10:02 +0200 1.14 +++ smtpmail.texi 11 Sep 2006 15:53:01 +0200 
@@ -214,6 +214,7 @@ Many environments require SMTP clients to authenticate themselves before they are allowed to route mail via a server. The two following variables contains the authentication information needed for this. + The first variable, @code{smtpmail-auth-credentials}, instructs the SMTP library to use a SASL authentication step, currently only the CRAM-MD5 and LOGIN mechanisms are supported and will be selected in 
@@ -222,10 +223,17 @@ The second variable, @code{smtpmail-starttls-credentials}, instructs the SMTP library to connect to the server using STARTTLS. This means the protocol exchange may be integrity protected and confidential by -using TLS, also known as SSL, and optionally also authentication of -the client. This feature uses the elisp package @file{starttls.el} -(see it for more information on customization), which in turn require -that at least one of the following external tools are installed: +using the Transport Layer Security (TLS) protocol, and optionally also +authentication of the client and server. + +TLS is a security protocol that is also known as SSL, although +strictly speaking, SSL is an older variant of TLS. TLS is backwards +compatible with SSL. In most mundane situations, the two terms are +equivalent. + +The TLS feature uses the elisp package @file{starttls.el} (see it for +more information on customization), which in turn require that at +least one of the following external tools are installed: @enumerate @item > >> Finally, it doesn't seem to work on windows. I spent three hours > >> with a debugger a couple of days ago -- I figured this was the > >> only way to see if I had the configuration right. It appears that > >> starttls.el uses Unix specific process handling, so won't work > >> with NTEmacs. I've been told that you can get this working with > >> cygwin by calling out to kill.exe which works around the > >> problem. Bit ugly! I realise that fixing this properly may take > >> some time, but updating the documentation would be relatively > >> quick! > > SJ> I've seen it suggested that people have had success on Windows > SJ> using the starttls binary instead of gnutls-cli. But I don't > SJ> really know what works under Windows, so I don't know how to > SJ> improve things here. > > The problem is with your process handling. > > (signal-process (process-id process) 'SIGALRM) > > wont work. Why not? Wouldn't that a bug in NTEmacs? 
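
Review bot: In the @@ -222 hunk of smtpmail.texi, "optionally also authentication of the client and server" makes server authentication read as optional in the same way as the client certificate, and nothing in the added text says how the server is authenticated. Consider splitting the sentence so that "optionally" applies to the client certificate only and the server side is described separately. The new paragraph's "TLS is backwards compatible with SSL" would be easier to act on if it said what to do when an administrator asks for SSL, which is the case raised in the thread, and "which in turn require that at least one of the following external tools are installed" still wants "requires" and "is installed".
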
> If you are using the cygwin gnutls, then this can be faked using
> "kill" directly, but NTEmacs cannot send this signal, at least to my
> knowledge.

If "kill" can do it, then probably NTEmacs could too. And NTEmacs
probably should do that, especially if `signal-process' doesn't do
anything useful at all under Windows. However, some NTEmacs person
should answer this.

> I might try starttls, but in general, it's easier to have as few
> extraneous binaries as possible, hence the desire to use
>
> If TLS is compatible with SSL, would it not be possible to use the SSL
> binaries. As I say, the IMAP code works fine using SSL?

IMAP uses the same library, starttls.el, as SMTP. So they are already
using the same tools. Btw, IMAP uses TLS, strictly speaking.

> >> At the moment, I have access to a non TLS based stream, but this
> >> isn't going to last for ever. I suspect that many people are in
> >> the same boat.
>
> SJ> Right. Many people have migrated to SMTP over TLS already.
>
> Yep. Once everywhere goes, I can no longer send email with emacs. I
> spent 6 months on outlook this year and the experience was, er, less
> than optimal, shall I say.

Many people have migrated to SMTP over TLS with Emacs too, I remember
writing the first support for this in Emacs around 2000 to 2001
somewhere, and many used it successfully even back then.

/Simon

* Re: TLS smpt encryption
From: Phillip Lord @ 2006-09-11 14:42 UTC

>>>>> "SJ" == Simon Josefsson <jas@extundo.com> writes:

  SJ> I've seen it suggested that people have had success on Windows
  SJ> using the starttls binary instead of gnutls-cli. But I don't
  SJ> really know what works under Windows, so I don't know how to
  SJ> improve things here.
  >>
  >> The problem is with your process handling.
  >>
  >> (signal-process (process-id process) 'SIGALRM)
  >>
  >> won't work.

  SJ> Why not? Wouldn't that be a bug in NTEmacs?

  >> If you are using the cygwin gnutls, then this can be faked using
  >> "kill" directly, but NTEmacs cannot send this signal, at least to
  >> my knowledge.

  SJ> If "kill" can do it, then probably NTEmacs could too. And
  SJ> NTEmacs probably should do that, especially if `signal-process'
  SJ> doesn't do anything useful at all under Windows. However, some
  SJ> NTEmacs person should answer this.

No. "kill" in question is cygwin kill, which NTEmacs doesn't know
about. NTEmacs is a windows process, so only knows how to send windows
process signals. As far as I know, windows doesn't do SIGALRM -- I
could be wrong. I try not to get this close to the OS wherever
possible.

  >> I might try starttls, but in general, it's easier to have as few
  >> extraneous binaries as possible, hence the desire to use
  >>
  >> If TLS is compatible with SSL, would it not be possible to use the
  >> SSL binaries. As I say, the IMAP code works fine using SSL?

  SJ> IMAP uses the same library, starttls.el, as SMTP. So they are
  SJ> already using the same tools. Btw, IMAP uses TLS, strictly
  SJ> speaking.

No, I don't think you are right. From the Gnus/imap documentation.

   * "tls:" Connect through TLS. Requires GNUTLS (the program
     `gnutls-cli').

   * "ssl:" Connect through SSL. Requires OpenSSL (the program
     `openssl') or SSLeay (`s_client').

So, I am using OpenSSL not tls, nor gnutls-cli to communicate with my
IMAP server. The communication layer works fine here. Certainly, my
imap connections worked fine without gnutls-cli being installed.

  >> Yep. Once everywhere goes, I can no longer send email with
  >> emacs. I spent 6 months on outlook this year and the experience
  >> was, er, less than optimal, shall I say.

  SJ> Many people have migrated to SMTP over TLS with Emacs too, I
  SJ> remember writing the first support for this in Emacs around 2000
  SJ> to 2001 somewhere, and many used it successfully even back then.

Under windows?

Phil