From 5e95090defff64bc8cd7a318a73aa930948fb66d Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 15 Nov 2004 09:20:11 +0000
Subject: Initial import
---
web/tls/Makefile.am | 35 +++++++++++++++
web/tls/template.tmpl | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 153 insertions(+)
create mode 100644 web/tls/Makefile.am
create mode 100644 web/tls/template.tmpl
(limited to 'web/tls')
diff --git a/web/tls/Makefile.am b/web/tls/Makefile.am
new file mode 100644
index 0000000..72b21e1
--- /dev/null
+++ b/web/tls/Makefile.am
@@ -0,0 +1,35 @@
+SUBDIRS =
+
+based_in = htdocs
+include $(top_srcdir)/Makefile.common
+
+doc_DATA = index.html
+
+
+addresses: $(ECHOLOT_BASE)/results/mlist2.txt $(ECHOLOT_BASE)/results/rlist2.txt
+ cat $(ECHOLOT_BASE)/results/mlist2.txt $(ECHOLOT_BASE)/results/rlist2.txt > addresses
+
+tls-result: addresses
+ if [ -e $@ ] ; then \
+ mod=`stat -c '%Y' $@`; \
+ else \
+ mod=0; \
+ fi; \
+ now=`date +'%s'`; \
+ if [ $$(( $$now - $$mod )) -gt $(TLS_AGE) ]; then \
+ $(top_srcdir)/bin/tls-check < $< > $@; \
+ fi
+
+index.html: tls-result
+ rm -f cert-*.txt;
+ $(top_srcdir)/bin/tls2html < $< > $@;
+
+clean:
+ rm -f tls-result index.html addresses cert-*.txt addresses
+
+install-data-local: index.html
+ [ -d $(docdir) ] || mkdir $(docdir)
+ cp cert-*.txt $(docdir)
+
+uninstall-local: index.html
+ rm -f $(docdir)/cert-*.txt
diff --git a/web/tls/template.tmpl b/web/tls/template.tmpl
new file mode 100644
index 0000000..99d8cfa
--- /dev/null
+++ b/web/tls/template.tmpl
@@ -0,0 +1,118 @@
+ + +TLS @ noreply + + + + + + + + +
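Review bot: In the `tls-result` recipe of web/tls/Makefile.am, the shell opens `> $@` before `tls-check` runs, so a failed or interrupted check leaves an empty or partial `tls-result` with a fresh mtime. The `TLS_AGE` comparison above it then skips any retry until that age expires, and `index.html` is generated from the truncated results in the meantime. Writing to a temporary file and renaming only on success avoids this: `$(top_srcdir)/bin/tls-check < $< > $@.tmp && mv -f $@.tmp $@; \`. Separately, `install-data-local` runs `mkdir $(docdir)` and `cp cert-*.txt $(docdir)` without `$(DESTDIR)` or quoting, so a staged install would write outside the staging root; the usual form is `[ -d "$(DESTDIR)$(docdir)" ] || mkdir -p "$(DESTDIR)$(docdir)"`.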
www.noreply.org :: TLS
 
  + +

SMTP - TLS

+ +Transport +Layer +Security (similar to SSL) +brings forward secrecy to Internet Email by encrypting SMTP traffic. +

+Even though usual remailer mail is already encrypted, TLS adds security +because the key used in TLS sessions usually is ephemeral - i.e. it only +exists for seconds and is destroyed immediatly after use. Whether or +not short-lived keys are used depends on the cipher suite chosen. +(The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.) +

+Ephemeral keys make it impossible to decrypt data which was eavesdropped at one +time by compromising a remailer's key later. +

+Since remailer keys are valid for weeks, sometimes years, this makes +remailing more secure. + +

+The submission column indicates that a mailserver acceps mails on port 587 +(submission). The smtps column that it accepts SSL connections on port 465 +(smtps) for use with stunnel and similar. Some hosts also accept normal +connections on port 2525 - this is indicated in the column 2525. +Please note that some hosts may enforce the use of TLS on the submission port. + +

+ +Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version. + +

+See the Encrypted Email +- TLS/SSL on banasplit for a + howto on using stunnel on Windows with Quicksilver and JBN2. + +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
remailermail exchangerpriorityTLSsubmissionsmtps2525error/warning
<>
 ">YES
announced - + does not worknoN/Ayesno">yes
noyesno
 
+ +

+Built at . + +

 
web@palfrader.org - + Valid HTML 4.01!
+ + -- cgit v1.2.3