[
https://issues.apache.org/jira/browse/JAMES-3215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135513#comment-17135513
]
Ioan Eugen Stan commented on JAMES-3215:
----------------------------------------
I also don't think we should remove TLS form James.
There are use cases when a Proxy is a good thing and when a proxy is not a good
thing.
[~matthieu] I know a lot of apps use STARTTLS and it's part of the RFC;s
https://en.wikipedia.org/wiki/Opportunistic_TLS so removing STARTTLS is not an
option.
However, with the advent of LetsEncrypt services I think it's more common and
secure to expect all apps to support TLS out of the box.
Personally, I would recommend anyone starting and email server to use configure
James to use encrypted ports and not use STARTTLS / un-encrypted ports.
You avoid the possibility of someone sending credentials over the nu-encrypted
ports.
> Remove SSL support in James
> ---------------------------
>
> Key: JAMES-3215
> URL: https://issues.apache.org/jira/browse/JAMES-3215
> Project: James Server
> Issue Type: Improvement
> Reporter: David Leangen
> Priority: Major
>
> SSL support is not working [1], and it complicates the installation process.
> It causes the inclusion of various libraries, and Java suuuuuucks for SSL
> support.
> It would make James a lot simpler to remove SSL support and make SSL
> termination somebody else's problem. These days it should be easy to use a
> proxy (like nginx) or an ingress (for example in Kubernetes) to perform SSL
> termination.
> It would be one less thing to maintain in James, one less thing that can go
> wrong, one less step to take just to get a James server working, and a step
> closer to providing good user support.
> {quote}[1] I define "working" by meaning that as a user, I follow the
> instructions but it still does not work as intended.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
