Vincent Fox wrote: > Bob Dye wrote: BD> But it does seem odd that it supports STARTTLS on 143 but not 993. VF> This is not odd, this is working as specified. Indeed. VF> TLS is enabling encryption on a connection that VF> has started without it. Maybe people would be less confused if "TLS" were only used to mean the more secure socket-layer encryption which succeeded SSL, and upgrading from unencrypted to encrypted during an existing session were only referred to as "STARTTLS". That seems to have been the cause of confusion in this thread. VF> There's a cogent argument that 993 should be depecrated VF> as the vestige of "stunnel days" that it is. I'd caution against that. Around here the convention is that user-facing front-ends listen _only_ on 993 in order to prevent users attempting to send their credentials over insecure connections. Duncan -- Duncan Gibb - Technical Director Sirius Corporation plc - control through freedom http://www.siriusit.co.uk/ || t: +44 870 608 0063 Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/ ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
