author | Peter Palfrader <peter@palfrader.org> | 2004-11-15 09:20:11 +0000 |
---|---|---|
committer | Peter Palfrader <peter@palfrader.org> | 2004-11-15 09:20:11 +0000 |
commit | 5e95090defff64bc8cd7a318a73aa930948fb66d (patch) | |
tree | d977ded4207e51914d539b0ecd20b8583d37c8ea /web/tls | |
parent | 6c3e0ba0a82307abf825bf1cde85638464ab1713 (diff) |
Initial import
Diffstat (limited to 'web/tls')
-rw-r--r-- | web/tls/Makefile.am | 35 | ||||
-rw-r--r-- | web/tls/template.tmpl | 118 |
2 files changed, 153 insertions, 0 deletions
diff --git a/web/tls/Makefile.am b/web/tls/Makefile.am
new file mode 100644
index 0000000..72b21e1
--- /dev/null
+++ b/web/tls/Makefile.am
@@ -0,0 +1,35 @@
+SUBDIRS =
+
+based_in = htdocs
+include $(top_srcdir)/Makefile.common
+
+doc_DATA = index.html
+
+
+addresses: $(ECHOLOT_BASE)/results/mlist2.txt $(ECHOLOT_BASE)/results/rlist2.txt
+ cat $(ECHOLOT_BASE)/results/mlist2.txt $(ECHOLOT_BASE)/results/rlist2.txt > addresses
+
+tls-result: addresses
+ if [ -e $@ ] ; then \
+ mod=`stat -c '%Y' $@`; \
+ else \
+ mod=0; \
+ fi; \
+ now=`date +'%s'`; \
+ if [ $$(( $$now - $$mod )) -gt $(TLS_AGE) ]; then \
+ $(top_srcdir)/bin/tls-check < $< > $@; \
+ fi
+
+index.html: tls-result
+ rm -f cert-*.txt;
+ $(top_srcdir)/bin/tls2html < $< > $@;
+
+clean:
+ rm -f tls-result index.html addresses cert-*.txt addresses
+
+install-data-local: index.html
+ [ -d $(docdir) ] || mkdir $(docdir)
+ cp cert-*.txt $(docdir)
+
+uninstall-local: index.html
+ rm -f $(docdir)/cert-*.txt
diff --git a/web/tls/template.tmpl b/web/tls/template.tmpl
new file mode 100644
index 0000000..99d8cfa
--- /dev/null
+++ b/web/tls/template.tmpl
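Review bot: In web/tls/Makefile.am, the `tls-result` recipe redirects straight into its target (`$(top_srcdir)/bin/tls-check < $< > $@`), so the file is truncated before the check runs. If tls-check fails or is interrupted, an empty or partial `tls-result` is left behind with a fresh mtime. Unless Makefile.common sets `.DELETE_ON_ERROR` (not visible here), later runs treat it as current and `index.html` is rebuilt from it, publishing a TLS status page that does not reflect a completed scan. Writing to a temporary name and renaming only on success avoids this: `$(top_srcdir)/bin/tls-check < $< > $@.tmp && mv -f $@.tmp $@; \`. The `index.html` recipe has the same shape with `tls2html < $< > $@` and would benefit from the same change.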
@@ -0,0 +1,118 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head><title>TLS @ noreply</title></head>
+<body bgcolor="#aaaaaa" text="#000000" LINK="#0000ff" ALINK="#ff0000" VLINK="#ff0000">
+<table cellpadding=0 cellspacing=0 width="100%">
+<tr><td colspan=2 bgcolor="#444444"><font color="#ffffff"><a href="/"><font color="#bbbbff">www.noreply.org</font></a> :: TLS </font></td></tr>
+<tr><td colspan=2 bgcolor="#ffffff"> </td></tr>
+<tr><td bgcolor="#ffffff"> </td>
+<td bgcolor="#ffffff">
+
+<h1>SMTP - TLS</h1>
+
+<strong>T</strong>ransport
+<strong>L</strong>ayer
+<strong>S</strong>ecurity (similar to SSL)
+brings forward secrecy to Internet Email by encrypting SMTP traffic.
+<p>
+Even though usual remailer mail is already encrypted, TLS adds security
+because the key used in TLS sessions usually is ephemeral - i.e. it only
+exists for seconds and is destroyed immediatly after use. Whether or
+not short-lived keys are used depends on the cipher suite chosen.
+(The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.)
+<p>
+Ephemeral keys make it impossible to decrypt data which was eavesdropped at one
+time by compromising a remailer's key later.
+<p>
+Since remailer keys are valid for weeks, sometimes years, this makes
+remailing more secure.
+
+<p>
+The submission column indicates that a mailserver acceps mails on port 587
+(submission). The smtps column that it accepts SSL connections on port 465
+(smtps) for use with stunnel and similar. Some hosts also accept normal
+connections on port 2525 - this is indicated in the column 2525. <!--The same
+holds true for port 25000.-->
+<em>Please note that some hosts may enforce the use of TLS on the submission port.</em>
+
+<p>
+<!--More recent stunnel versions can also do STARTTLS using <code>-starttls smtp</code>.-->
+Stunnel can do STARTTLS using <code>-n smtp</code> or with </code>protocol = smtp</code> in your config file, depending on your version.
+
+<p>
+See the <a href="http://www.bananasplit.info/mailtls.html">Encrypted Email
+- TLS/SSL</a> on <a href="http://www.bananasplit.info/">banasplit</a> for a
+ howto on using stunnel on Windows with Quicksilver and JBN2.
+
+<p>
+<table border=0 cellpadding=2 cellspacing=0>
+<tr> <th>remailer</th><th>mail exchanger</th><th>priority</th><th>TLS</th><th>submission</th><th>smtps</th><th>2525</th><!--<th>25000</th>--><th>error/warning</th> </tr>
+<TMPL_LOOP NAME="remailer">
+ <tr><td colspan="9" bgcolor="#77e7ef"><strong><TMPL_VAR NAME="nick"></strong> <<TMPL_VAR NAME="address">></td></tr>
+ <TMPL_LOOP NAME="mx">
+ <tr><td> </td>
+ <td class="monowidth"><TMPL_VAR NAME="mx"></td>
+ <td align="right"><TMPL_VAR NAME="pri"></td>
+ <TMPL_IF NAME="result-defined">
+ <TMPL_IF NAME="result">
+ <TMPL_IF NAME="tls">
+ <td align="center" bgcolor="#baffcc"><!--YES -
+ --><a href="<TMPL_VAR NAME="cert_url">">YES</a><TMPL_IF NAME="tls-cipher"><br><small><TMPL_VAR NAME="tls-cipher"></small></TMPL_IF></td>
+ <TMPL_ELSE>
+ <td align="center" bgcolor="#ff7f7f">announced -
+ does not work</td>
+ </TMPL_IF>
+ <TMPL_ELSE>
+ <td align="center" bgcolor="#ffb7b7">no</td>
+ </TMPL_IF>
+ <TMPL_ELSE>
+ <td align="center">N/A</td>
+ </TMPL_IF>
+ <TMPL_IF NAME="submission">
+ <td align="center" bgcolor="#daffec">yes</td>
+ <TMPL_ELSE>
+ <td align="center">no</td>
+ </TMPL_IF>
+ <TMPL_IF NAME="smtps">
+ <td align="center" bgcolor="#daffec"><!--yes -
+ --><a href="<TMPL_VAR NAME="ssl_url">">yes</a><TMPL_IF NAME="ssl-cipher"><br><small><TMPL_VAR NAME="ssl-cipher"></small></TMPL_IF></td>
+ <TMPL_ELSE>
+ <td align="center">no</td>
+ </TMPL_IF>
+ <TMPL_IF NAME="2525">
+ <td align="center" bgcolor="#daffec">yes</td>
+ <TMPL_ELSE>
+ <td align="center">no</td>
+ </TMPL_IF>
+ <!--
+ <TMPL_IF NAME="25000">
+ <td align="center" bgcolor="#daffec">yes</td>
+ <TMPL_ELSE>
+ <td align="center">no</td>
+ </TMPL_IF>
+ -->
+ <TMPL_IF NAME="warning">
+ <td bgcolor="#faff7f"><TMPL_VAR NAME="warning"></td>
+ </TMPL_IF>
+ <TMPL_IF NAME="error">
+ <TMPL_IF NAME="warning">
+ </tr><tr><td colspan="8"> </td>
+ </TMPL_IF>
+ <td bgcolor="#ff7f7f"><TMPL_VAR NAME="error"></td>
+ </TMPL_IF>
+ </tr>
+ </TMPL_LOOP>
+ <tr><td colspan="6"></td></tr>
+</TMPL_LOOP>
+</table>
+
+<p>
+Built at <TMPL_VAR NAME="now">.
+
+</td></tr>
+<tr><td colspan=2 bgcolor="#ffffff"> </td></tr>
+<tr><td colspan=2 bgcolor="#444444"><font color="#ffffff"><em><a href="mailto:web@palfrader.org"><font color="#bbbbff">web@palfrader.org</font></a></em> -
+ <a href="http://validator.w3.org/check/referer"><font color="#bbbbff">Valid HTML 4.01!</font></a></font></td></tr>
+</table>
+</body>
+</html> |
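Review bot: Every `<TMPL_VAR>` in the result table of web/tls/template.tmpl is emitted without an escape mode, including `nick`, `address`, `mx`, `tls-cipher`, `ssl-cipher`, `warning` and `error`, as well as the `cert_url` and `ssl_url` values placed inside `href="..."`. The code that fills these is outside this diff, but if any of them carries text taken from the probed mail servers or from the remailer lists (error or banner strings, for example), markup in that text would be rendered as part of the published page. The TMPL_* syntax looks like HTML::Template, which supports per-variable escaping, so the cells can be written as `<TMPL_VAR ESCAPE=HTML NAME="error">` and the links as `<a href="<TMPL_VAR ESCAPE=HTML NAME="cert_url">">`. If tls2html already escapes before filling the template, a comment at the top of the template saying so would record where that guarantee lives.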