james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harmeet Bedi" <harm...@kodemuse.com>
Subject Re: More on SMTPS (TLS) James and M$OE MUA
Date Thu, 16 May 2002 15:56:05 GMT
From: "Andrei Ivanov" <myfam@surfeu.fi>
> Disabling SSLv2 made thing work!

This seems to be an Avalon Bug. SSLv2 support is often turned off because of
week security. But the SSL servers must recognize SSLv2 Client
Handshake(first message from client to server) for backward compatibility.
For a secure server there should be support for SSLv3 and SSLv2 Client
Hello. TLS support is good but does not improve security over SSLv3.

> from MY experience it notably slows down things...

My experience too. Ideally SSL should have 5-10% overhead for long running
test over plain sockets. JSSE performs very poorly. I wrote an SSL Library
for specifically performance and Compatibility issues. It is can be obtained
from http://ssllib.sourceforge.net or
http://sourceforge.net/projects/ssllib/. It is under Apache license and
completely OpenSource. If the Avalon/James folks have some cycles they
should look at it. It is straight forward to implement Avalon Connection
Listener Block on it.

Harmeet

----- Original Message -----
From: "Andrei Ivanov" <myfam@surfeu.fi>
Subject: Re: More on SMTPS (TLS) James and M$OE MUA


> Disabling SSLv2 made thing work!
> Thanks for taking care of my cry :-)
> Andrei
> PS
> > BTW. What has been your experience with JSSE ? Does it seem ok/fast ?
> from MY experience it notably slows down things...
>
>
> ----- Original Message -----
> From: "Harmeet Bedi" <harmeet@kodemuse.com>
> To: "James Developers List" <james-dev@jakarta.apache.org>
> Sent: Thursday, May 16, 2002 5:03 PM
> Subject: Re: More on SMTPS (TLS) James and M$OE MUA
>
>
> > It looks like your first message from client to server is SSLv3 Hello.
> >
> > MS typically sends the first message as SSLv2 Hello. The server side
JSSE
> > may not be configured to support SSLv2. The motivation for doing this is
> > documented at
> >
>
http://ssllib.sourceforge.net/docall/com/kodemuse/security/ssl/ClientHelloV2
> > .html
> >
> > There is a way to specify protocols supported in IE. Go to 'Advanced'
tab
> in
> > Internet Options. Turn of SSLv2, restart IE and OE and see if that make
a
> > difference.
> >
> > Harmeet
> >
> > BTW. What has been your experience with JSSE ? Does it seem ok/fast ?
> >
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:james-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:james-dev-help@jakarta.apache.org>


--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>


Mime
View raw message