"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes:
>> --smtp-encryption=<encryption>::
>> + Specify the encryption to use, either 'ssl' or 'tls'. Any other
>> + value reverts to plain SMTP. The difference between the two for Git is
>> + that 'ssl' uses implicit encryption and defaults to port 465, 'tls'
>> + uses explicit encryption and defaults to port 25. Other ports might be
>> + used by the SMTP server. Default is the value of
>> `sendemail.smtpEncryption`.
>
> This is a definite improvement, but maybe we'd want to say that 'tls' is
> really STARTTLS, while 'ssl' is always-on encryption over a dedicated
> port. It might also be worth mentioning that the choice of name doesn't
> affect the actual protocol and version used and the user is almost
> certainly using TLS either way.
So, it is not really specifying "the encryption", rather the way to
get into the encrypted communication.
I think the prose is OK, as long as we are not adding the third
value, at which time we may want to use enumeration instead.
Specify how SMTP connection should be entered into encrypted
mode. The valid values are 'ssl' and 'tls'. Any other value
reverts to plain (unencrypted) SMTP. 'ssl' refers to "implicit"
encryption (sometimes calls SMTPS) that uses port 465 or 587 by
default. 'tls' refers to "explicit" encryption (often known as
STARTTLS) that uses port 25 by default. Despite their names, it
is likely the user is using the newer TLS protocol, not the
deprecated SSL, for the actual encryption protocol either way.
+
Other ports might be used by the SMTP server. Default is the value of
`sendemail.smtpEncryption`.
We might want to
* introduce synonyms implicit/smtps vs explicit/starttls and
deprecate the current confusing names over time?
* error out when invalid value is given, instead of silently
talking plaintext SMTP?
