Re: TLS fails on imaps port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Vincent Fox wrote:
> Bob Dye wrote:

BD> But it does seem odd that it supports STARTTLS on 143 but not 993.

VF> This is not odd, this is working as specified.

Indeed.

VF> TLS is enabling encryption on a connection that
VF> has started without it.

Maybe people would be less confused if "TLS" were only used to mean the
more secure socket-layer encryption which succeeded SSL, and upgrading
from unencrypted to encrypted during an existing session were only
referred to as "STARTTLS".  That seems to have been the cause of
confusion in this thread.


VF> There's a cogent argument that 993 should be depecrated
VF> as the vestige of "stunnel days" that it is.

I'd caution against that.  Around here the convention is that
user-facing front-ends listen _only_ on 993 in order to prevent users
attempting to send their credentials over insecure connections.


Duncan

-- 
Duncan Gibb - Technical Director
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk/ || t: +44 870 608 0063
Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux