TLS fails on imaps port

Duncan Gibb Duncan.Gibb at SiriusIT.co.uk
Tue Jan 26 05:09:47 EST 2010


Vincent Fox wrote:
> Bob Dye wrote:

BD> But it does seem odd that it supports STARTTLS on 143 but not 993.

VF> This is not odd, this is working as specified.

Indeed.

VF> TLS is enabling encryption on a connection that
VF> has started without it.

Maybe people would be less confused if "TLS" were only used to mean the
more secure socket-layer encryption which succeeded SSL, and upgrading
from unencrypted to encrypted during an existing session were only
referred to as "STARTTLS".  That seems to have been the cause of
confusion in this thread.


VF> There's a cogent argument that 993 should be deprecated
VF> as the vestige of "stunnel days" that it is.

I'd caution against that.  Around here the convention is that
user-facing front-ends listen _only_ on 993 in order to prevent users
attempting to send their credentials over insecure connections.


Duncan

-- 
Duncan Gibb - Technical Director
Sirius Corporation plc - control through freedom
http://www.siriusit.co.uk/ || t: +44 870 608 0063
Debian Cyrus Team - https://alioth.debian.org/projects/pkg-cyrus-imapd/
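
The distinction drawn in this thread, as an added example that is not part of the original message or of Cyrus: a client-side policy that performs the TLS handshake first on 993, issues STARTTLS on 143, and refuses to log in if neither is possible. The function names and the sample server lines are constructed for illustration.

```python
import imaplib
import re
import ssl

IMAP_PORT, IMAPS_PORT = 143, 993

# Constructed sample server lines (not captured from a real server).
GREETING_143 = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
NO_STARTTLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"


def parse_capabilities(line):
    """Capability atoms from '* CAPABILITY ...' or a greeting's [CAPABILITY ...] code."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line, re.I))
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def next_step(port, tls_active, caps):
    """Decide what the client does before any credentials leave the machine."""
    if tls_active:
        return "LOGIN"            # channel already encrypted
    if port == IMAPS_PORT:
        return "TLS_HANDSHAKE"    # 993: TLS comes before the first IMAP byte
    if "STARTTLS" in caps:
        return "STARTTLS"         # 143: upgrade the existing plaintext session
    return "ABORT"                # no upgrade offered: never log in in the clear


def connect(host, port):
    """Open an IMAP session that is encrypted before authentication."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    if next_step(port, False, set()) == "TLS_HANDSHAKE":
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
    conn = imaplib.IMAP4(host, port)
    if next_step(port, False, set(conn.capabilities)) != "STARTTLS":
        conn.shutdown()
        raise ConnectionError("STARTTLS not offered; refusing plaintext login")
    conn.starttls(ssl_context=ctx)
    return conn
```

On 143 the capability list arrives before encryption, so a missing STARTTLS has to be treated as a failure rather than a reason to continue in plaintext; a listener that exists only on 993 never reaches that branch.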

