[Oberon] SSL tunnel; was SMTP/SSH tunnel
Easthope
peasthope at cablelan.net
Fri Mar 30 17:28:47 MEST 2007
Bill & others,
Sorry for all the questions and banter.
I want to solidify a few more ideas before
blundering further.
"http://en.wikipedia.org/wiki/Secure_Sockets_Layer"
distinguishes two cases.
1. TLS-capable application. "... IETF recommended
that application protocols always start unsecured
and ... offer a way to upgrade to TLS ..."
2. TLS-ignorant application communicating through
a TLS tunnel.
As I understand, Oberon MUA falls into case 2.
At Mon, 26 Mar 2007 04:54:06 +0800 Bill Hacker wrote,
wh> By either:
wh> - Using the expected TLS ...
wh> ...
wh> *OR* ... await ONLY an arriving SSL session.
Both subcases of case 1 above? Oberon initiates
the tunnel; it cannot wait for an SSL session.
I need to aim for case 2.
wh> 22 is indeed the SSH port, but that is for terminal session.
SSH.StartForwarding is in SSH which depends
on SSHTransport which defines SSHport = 22.
I found no other port in the modules.
wh> a) Specify which IP to listen on:
Doesn't the SSL daemon, rather than the
MTA, listen on the interface?
wh> b) ... ports ...
wh> b) ... certificate ...
wh> c) ... 'Offer' TLS to all, or ...
wh> d) ... keep state ...
All issues for the SSL daemon running the tunnel;
not for the MTA?
wh> e) ... accept AUTH ...
One of the more obscure aspects.
wh> See also POP and IMAP use of SSL.
In Oberon, POP and IMAP are ignorant of SSL.
If anyone knows of a link to an SSL tunnel
Howto, it would help.
Thanks, ... Peter E.
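
Case 2 above, as an added example that is not part of the original message or of the Oberon modules it mentions: a local tunnel in Python that accepts plaintext from a TLS-ignorant mail client on loopback and carries it over a certificate-verified TLS session that the tunnel itself initiates. The function names, and the idea of pointing the mail client at a loopback port, are assumptions for illustration.

```python
import socket
import ssl
import threading

def make_tls_context(cafile=None):
    """Client context: verifies the server's certificate chain and host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def pump(src, dst):
    """Copy src to dst until EOF or error, then shut both; return bytes copied."""
    total = 0
    try:
        while data := src.recv(4096):
            dst.sendall(data)
            total += len(data)
    except (OSError, ValueError):  # socket/TLS errors, or the peer pump already shut us
        pass
    for s in (src, dst):  # ending one direction ends the session, waking the other pump
        try:
            s.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass
    return total

def relay(plain, secure):
    """Shuttle bytes both ways between the application's socket and the TLS socket."""
    back = threading.Thread(target=pump, args=(secure, plain), daemon=True)
    back.start()
    pump(plain, secure)
    back.join()
    plain.close()
    secure.close()

def tunnel(plain, host, port, ctx):
    """Open the verified TLS leg for one client; drop the client if that fails."""
    try:
        secure = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    except OSError:  # includes refused connections and certificate failures
        plain.close()
        return
    relay(plain, secure)

def serve(listen_port, host, port, ctx):
    """Accept plaintext on loopback only; the tunnel, not the application, speaks TLS."""
    with socket.create_server(("127.0.0.1", listen_port)) as srv:
        while True:
            threading.Thread(target=tunnel, args=(srv.accept()[0], host, port, ctx), daemon=True).start()
```

Calling `serve(2525, "mail.example.org", 465, make_tls_context())` (constructed port and placeholder host) lets the mail client talk plain SMTP to 127.0.0.1:2525; it works only against a server port that expects TLS from the first byte, not one that expects a STARTTLS upgrade as in case 1.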