On Thu, 25 Nov 2004, Alan J. Flavell wrote:
>
> As you say, there's many different ways to do it. But, as we found,
> there are some situations where client software blunders ahead and
> submits credentials over an unencrypted channel, despite having been
> offered an encrypted one.
It should be possible to prevent them from doing this:
server_advertise_condition = ${if eq{}{$tls_cipher} {no} {yes} }
Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.
