TLS support in Archiveopteryx

TLS provides privacy and integrity protection to protocols like IMAP and SMTP. (It is best known for its use by secure web sites.)

Archiveopteryx offers to use TLS with all supported protocols. All clients that support TLS will normally use it with Archiveopteryx.

At the present time, Archiveopteryx never initiates connections, so it does not need to provide client-side TLS, certificate matching etc.

Certificates

Archiveopteryx supports using the usual sort of certificate from a proper CA.

In addition, Archiveopteryx can generate a certificate for itself: if there is no configured certificate, Archiveopteryx silently generates a self-signed certificate at startup. While we don't think using self-signed certificates is a very good idea, it's much better than using plain text.
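
Because the fallback certificate is generated silently, it is worth checking which certificate a running server actually presents. The following is an added example, not part of the Archiveopteryx documentation or code: it fetches the certificate an IMAP server offers after STARTTLS and reports whether issuer and subject are identical, the usual marker of a self-signed certificate. All function names are hypothetical, and the check compares names only; it does not verify the signature.

```python
import imaplib
import ssl


def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def issuer_and_subject(der):
    """Return the raw DER encodings of the issuer and subject Names."""
    _, start, _ = _tlv(der, 0)             # outer Certificate SEQUENCE
    _, pos, end = _tlv(der, start)         # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 7:
        tag, _, vend = _tlv(der, pos)
        fields.append((tag, der[pos:vend]))
        pos = vend
    if fields and fields[0][0] == 0xA0:    # optional [0] version (absent in v1)
        fields = fields[1:]
    if len(fields) < 5:                    # serial, sig alg, issuer, validity, subject
        raise ValueError("not an X.509 certificate")
    return fields[2][1], fields[4][1]


def is_self_issued(der):
    """True when issuer == subject (the signature is not verified here)."""
    issuer, subject = issuer_and_subject(der)
    return issuer == subject


def imap_cert_is_self_issued(host, port=143):
    """Fetch the certificate an IMAP server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False             # inspection only: accept any cert
    ctx.verify_mode = ssl.CERT_NONE
    with imaplib.IMAP4(host, port) as conn:
        conn.starttls(ssl_context=ctx)
        der = conn.sock.getpeercert(binary_form=True)
    return is_self_issued(der)
```

A result of `True` from `imap_cert_is_self_issued` on a production host means clients are being asked to trust a certificate that no CA has signed.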

Ciphers

With TLS, the server offers a list of ciphers to the client, and the client chooses.

In case of questions, please write to info@aox.org.

About this page

Last modified: 2010-11-19
Location: aox.org/tls