On Thu, 06 Aug 2009 13:28:51 +0200, Julien Vehent <[email protected]> wrote:
> On Thu, 06 Aug 2009 13:20:20 +0200, "A.L.E.C" <[email protected]> wrote:
>> Julien Vehent wrote:
>>
>>>> && strncasecmp($this->host, 'ssl://', 6) != 0
>>
>> !!!! http://php.net/manual/en/function.strncasecmp.php
>>
>>> $rcmail_config['smtp_server'] = 'ssl://localhost';
>>>
>>> // SMTP port (default is 25; 465 for SSL)
>>> $rcmail_config['smtp_port'] = 25;
>>
>> I'm sure that your postfix does not use SSL on 25 port.
>>
>>> The only thing I'm sure of, is that this postfix configuration works fine
>>> with thunderbird in TLS mode.
>>
>> TLS != SSL
>
> My extremely humble excuses for this mistake... after changing the
> configuration several times, I had forgotten this ssl://
>
> it works fine now, as shows the capture :
> http://www.linuxwall.info/files/starttlsroundcubetrace.pcap.txt
>
> May I recommend that the comments in the main.inc.php explain this issue ?
> I am always confused about the difference SMTP makes between SSL and TLS.
> It doesn't quite make sense to me to handle the two protocols separately
> since one is just the renamed evolution of the other. But this is not
> roundcube's problem.

There is a fundamental difference between SSL and TLS:

- An SSL (Secure Socket Layer) connection involves authentication and/or
  encryption during establishment of the socket connection. In other words,
  the socket connect() wraps the certificate/key negotiation and the
  application/presentation-level protocol is ignorant of the presence of
  additional security.
- TLS (Transport Layer Security) refers to introduction of
  authentication/encryption after the socket connection is already
  established and the application-level protocol is underway. The socket()
  connection is initially a normal raw/plain-text connection, and the
  application-level protocol (in this case SMTP) requests the
  certificate/key negotiation during the information exchange that takes
  place after the socket connection has been established (e.g. the STARTTLS
  SMTP command).

This difference is why TLS is usually available on the same port/socket as
the normal/insecure protocol, whereas SSL typically requires a new
port/protocol (e.g. imaps:993 vs. imap:143).

An SSL server starts in with the key exchange immediately upon acceptance of
the socket connect(), whereas a non-SSL server accepts plain connections and
can optionally add TLS later.

> Thanks for your help alec.
>
> Julien
>
> _______________________________________________
> List info: http://lists.roundcube.net/dev/

--
Eric Stadtherr
[email protected]
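
The mismatch discussed in this thread (an `ssl://` server setting pointed at a plain SMTP port) can be recognised from the first bytes the server sends. The sketch below is an added example, not code from Roundcube or from any poster in the thread; the function names and sample bytes are constructed, and the `tls://` prefix for STARTTLS is assumed from Roundcube's configuration convention and is not shown in the thread.

```python
# Added example (not from the thread). All sample bytes below are constructed.
GREETING = b"220 mail.example.test ESMTP\r\n"
EHLO_WITH_STARTTLS = b"250-mail.example.test\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_WITHOUT = b"250-mail.example.test\r\n250 8BITMIME\r\n"
TLS_RECORD = b"\x16\x03\x01\x00\x51"  # handshake record header, as an SSL port answers


def split_scheme(server):
    """'ssl://localhost' -> ('ssl', 'localhost'); 'localhost' -> ('', 'localhost')."""
    scheme, sep, host = server.partition("://")
    return (scheme.lower(), host) if sep else ("", server)


def ehlo_capabilities(reply):
    """Keywords from a multi-line 250 reply; the first line is the server name."""
    caps = set()
    for line in reply.decode("ascii", "replace").splitlines()[1:]:
        words = line[4:].split()
        if line.startswith("250") and words:
            caps.add(words[0].upper())
    return caps


def diagnose(server, first_server_bytes, ehlo_reply=b""):
    """Compare the configured mode with what the server actually sent."""
    scheme, _host = split_scheme(server)
    plain_greeting = first_server_bytes[:4] in (b"220 ", b"220-")
    if scheme == "ssl":
        # The client sends its handshake right after connect(), before any SMTP.
        if plain_greeting:
            return "mismatch: plain SMTP greeting on an ssl:// connection"
        if first_server_bytes[:2] == b"\x16\x03":
            return "ok: handshake first, SMTP runs inside it"
        return "unknown: neither SMTP greeting nor TLS record"
    if not plain_greeting:
        return "mismatch: no SMTP greeting, port may expect a handshake first"
    if scheme == "tls":
        # STARTTLS is requested inside the SMTP dialogue, on the same socket.
        if "STARTTLS" in ehlo_capabilities(ehlo_reply):
            return "ok: send STARTTLS, then negotiate on the same socket"
        return "fail: STARTTLS not offered, stop before AUTH"
    return "ok: plain SMTP, no encryption"


if __name__ == "__main__":
    print(diagnose("ssl://localhost", GREETING))                      # the thread's case
    print(diagnose("tls://localhost", GREETING, EHLO_WITH_STARTTLS))
```
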
