On Mon, 9 Aug 2021, Thomas Walter via mailop wrote:

https://nostarttls.secvuln.info/

Their conclusion is that all vulnerabilities rely on the transition of an insecure connection to a secure connection.

  If possible, we recommend that users check and configure their email
  clients to use SMTP, POP3 and IMAP with implicit TLS on dedicated ports,
  i.e., SMTP/Submission on port 465, POP3 on port 995, and IMAP on port 993.
  This is in line with already existing recommendations in RFC 8314 and was
  already recommended by security professionals before.

It is a pity that 587 is the official SMTP submission port
whilst TLS-on-connect port 465 is merely "traditional".

Implicit TLS does not have such a transition and is therefore not vulnerable to any of these attacks. We therefore consider implicit TLS a more secure option than STARTTLS.

--
Andrew C. Aitchison                                     Kendal, UK
                        [email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
