[jdev] TLS Everywhere

Philipp Hancke fippo at goodadvice.pages.de
Sat Nov 2 16:35:22 UTC 2013

> Whereas the deployment piece says
>> >o require the use of TLS for both client-to-server and server-to-server
> connections
> Doesn't that exclude Server Dialback? Please help me understanding this.

No. You use this (called starttls+dialback) if, after setting up TLS you 
notice that you can't trust the peer certificate for strong authentication.

So you have an encrypted stream from TLS and the relatively robust 
spoofing protection from dialback. It's safe from passive attacks.

More information about the JDev mailing list