On Mar 28, 2005, at 11:38 PM, Morgen Sagen wrote:
> I believe for SMTP you can now set connectionSecurity to "TLS", but not yet for IMAP. Brian can correct me, and elaborate on what TLS is, perhaps.
In Brian K's absence, I can elaborate...
[1] In the case we're calling "SSL", the client connects to the SMTP/IMAP server (usually on port 465 for SMTP, 993 for IMAP), and immediately starts an SSL handshake.
[2] For "TLS", the client starts a normal SMTP/IMAP connection on the standard port, queries the server as to whether it supports SSL, and then begins an SSL handshake if it does.
FWIW, the thing people think of as "SSL" comes in four different versions. In the fourth of these, it was decided that "Transport Layer Security" was a more accurate term than "Secure Sockets Layer". So, in a way, TLS version 1 == SSL version 4.
While I'm rambling on on this topic, the use of port 465 for SMTP + SSL is controversial. There was an outcry from the ISP community about trying to assign 465 as "smtps", because if you think about it, SSL offers no extra security against spamming. (So, ISPs who think it's a good idea to block outgoing port 25 would also have to block port 465). The registration of 465 was actually withdrawn at some point: if you look at
http://www.iana.org/assignments/port-numbers
you'll see
urd 465/tcp URL Rendesvous(sic) Directory for SSM
Also, in general, the IETF is trying to get people to move away from option [1] above, in favour of [2]. At the very least, it makes writing smarter, self-configuring clients easier.
--Grant
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Open Source Applications Foundation "Dev" mailing list http://lists.osafoundation.org/mailman/listinfo/dev
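
The two options described in the message above, as an added example that is not part of the original post or of any project's code: option [1] starts the handshake immediately on 465/993, while option [2] connects on the standard port and reads the server's advertised capabilities first. The function names, the `require_tls` parameter, the sample replies and the use of 25/143 as the standard ports are assumptions made for illustration. Because the capability list in option [2] arrives before any encryption, a missing STARTTLS entry is treated as a reason to stop rather than to continue in cleartext.

```python
import re

# Constructed sample replies (not captured from a real server).
EHLO_WITH_TLS = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mail.example.org\r\n250-PIPELINING\r\n250 8BITMIME\r\n"
IMAP_CAPS = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK CAPABILITY completed\r\n"

# "SSL" = option [1] (handshake first), "TLS" = option [2] (upgrade in-band).
PORTS = {("smtp", "SSL"): 465, ("imap", "SSL"): 993,
         ("smtp", "TLS"): 25, ("imap", "TLS"): 143}

def smtp_offers_starttls(ehlo_reply):
    """True if an EHLO reply lists STARTTLS (the first line is only the greeting)."""
    for line in ehlo_reply.splitlines()[1:]:
        m = re.match(r"250[- ](\S+)", line)
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def imap_offers_starttls(capability_reply):
    """True if an untagged IMAP CAPABILITY response lists STARTTLS."""
    for line in capability_reply.splitlines():
        words = line.upper().split()
        if words[:2] == ["*", "CAPABILITY"]:
            return "STARTTLS" in words[2:]
    return False

def plan_connection(protocol, security, server_reply="", require_tls=True):
    """Return (port, action) for the chosen option; require_tls is hypothetical."""
    port = PORTS[(protocol, security)]
    if security == "SSL":
        return port, "handshake-first"
    offers = smtp_offers_starttls if protocol == "smtp" else imap_offers_starttls
    if offers(server_reply):
        return port, "starttls"
    # The capability list is unauthenticated cleartext, so its absence of
    # STARTTLS proves nothing; refuse instead of silently downgrading.
    return port, ("abort" if require_tls else "plaintext")

if __name__ == "__main__":
    print(plan_connection("smtp", "SSL"))
    print(plan_connection("smtp", "TLS", EHLO_WITH_TLS))
    print(plan_connection("imap", "TLS", IMAP_CAPS))
    print(plan_connection("smtp", "TLS", EHLO_STRIPPED))
```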
