Re: [PATCH] send-email: clarify SMTP encryption settings

"Drew DeVault" <sir@xxxxxxxxx> writes:

>> I couldn't find a justification for our log message to call
>> STARTTLS-style explicit TLS "deprecated". When you send an updated
>> version, please give a reference.
>
> The main concern with STARTTLS is downgrade attacks. I'll note this in
> the commit message for v2.
> ...
> If I may propose a bold alternative: what I added as "ssl/tls", i.e.
> "modern" SSL, should be "yes", no encryption should be "no", and if you
> specifically need starttls: "starttls".

Well, "is starttls deprecated" given to a search engine gives me

    SMTPS (implicit SSL) has been deprecated/obsolete since
    SMTP+STARTTLS (explicit SSL) was defined in RFC2487.

as the "featured snippet", and there are debates like "SMTPS has
been deprecated since forever (late 90's or thereabouts)"
https://news.ycombinator.com/item?id=10556797

I strongly prefer to keep our documentation out of that mess by not
taking sides.  To me, both are valid options to make the world safer
over cleartext, and we won't have to make recommendations when both
are available.

Thanks.


