#2093 closed enhancement (wontfix)
Directive "starttls" should not be on when using "ssl"
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | documentation | Version: | 1.18.x |
Keywords: | | Cc: | zhoushulin1992@… |
uname -a: | Linux xlarge 4.15.0-72-generic #81-Ubuntu SMP Tue Nov 26 12:20:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | | |
nginx -V: |
nginx version: nginx/1.18.0
built by gcc 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1) configure arguments: --prefix=/usr/local/nginx --with-pcre=/root/Downloads/pcre-8.43 |
Description
Since "starttls" and "ssl" conflict, it would be better to note this in the documentation of starttls at https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#starttls as a reminder, in case of negligence.
Change History (3)
follow-up: 2 comment:1 by , 4 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
comment:2 by , 4 years ago
Replying to Maxim Dounin:
Thank you for your suggestion. This "ssl" directive was made obsolete in nginx 1.15.0, and it certainly does not make sense to document any conflicts with it.
Could the directive "starttls" be used with the parameter "ssl" in the directive "listen"?
comment:3 by , 4 years ago
Yes. There can be more than one listening socket in the server block, including SSL and non-SSL listening sockets, for example:
server {
    listen 25;
    listen 465 ssl;
    starttls only;
}

So there is no direct conflict, and configurations with SSL listening sockets and starttls are considered valid. In some configurations with only SSL listening sockets starttls might be meaningless, yet this is not something nginx currently checks (and unlikely will, since using "starttls only;" at the mail level looks like a valid use case even if some servers only have SSL listening sockets configured).
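The check that comment:3 says nginx does not perform can be done outside nginx: flag servers whose effective starttls is on or only while every listen socket carries the ssl parameter. This is an added example, not part of the ticket or of nginx; the sample config, the function names and the simplified parser (flat server blocks, no includes, only mail-level inheritance) are assumptions.

```python
import re

# Constructed sample config (not from the ticket): starttls is set at the
# mail level and inherited by both servers.
SAMPLE = """
mail {
    starttls only;
    server {            # mixed sockets: STARTTLS applies on port 25
        listen 25;
        listen 465 ssl;
    }
    server {            # SSL-only sockets: inherited starttls has no effect
        listen 993 ssl;
        listen 995 ssl;
    }
}
"""

def parse_directives(body):
    """Return [(name, [args])] for simple 'name args;' directives in body."""
    return [(m.group(1), m.group(2).split())
            for m in re.finditer(r"([a-z_]+)\s+([^;{}]*);", body)]

def ssl_only_starttls_servers(config):
    """Return [(server_index, [listen addresses])] for servers whose effective
    starttls is on/only while every listen socket has the ssl parameter."""
    config = re.sub(r"#[^\n]*", "", config)              # drop comments
    servers = re.findall(r"server\s*\{([^{}]*)\}", config)
    outer = re.sub(r"server\s*\{[^{}]*\}", "", config)   # mail-level part
    inherited = dict(parse_directives(outer)).get("starttls", ["off"])
    findings = []
    for idx, body in enumerate(servers):
        directives = parse_directives(body)
        starttls = dict(directives).get("starttls", inherited)
        listens = [args for name, args in directives if name == "listen"]
        ssl_only = bool(listens) and all("ssl" in a[1:] for a in listens)
        if starttls[0] in ("on", "only") and ssl_only:
            findings.append((idx, [a[0] for a in listens]))
    return findings

if __name__ == "__main__":
    for idx, ports in ssl_only_starttls_servers(SAMPLE):
        print(f"server #{idx}: starttls set but all listen sockets use ssl: {ports}")
```

A finding here is informational rather than an error, since nginx accepts such a configuration as valid.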