[jira] [Commented] (JAMES-3215) Remove SSL support in James

Mon, 15 Jun 2020 00:10:12 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-3215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17135513#comment-17135513
 ] 

Ioan Eugen Stan commented on JAMES-3215:
----------------------------------------

I also don't think we should remove TLS form James. 
There are use cases when a Proxy is a good thing and when a proxy is not a good 
thing. 

[~matthieu] I know a lot of apps use STARTTLS and it's part of the RFC;s  
https://en.wikipedia.org/wiki/Opportunistic_TLS so removing STARTTLS is not an 
option.
However, with the advent of LetsEncrypt services I think it's more common and 
secure to expect all apps to support TLS out of the box. 
Personally, I would recommend anyone starting and email server to use configure 
James to use encrypted ports and not use STARTTLS / un-encrypted ports. 
You avoid the possibility of someone sending credentials over the nu-encrypted 
ports. 

> Remove SSL support in James
> ---------------------------
>
>                 Key: JAMES-3215
>                 URL: https://issues.apache.org/jira/browse/JAMES-3215
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: David Leangen
>            Priority: Major
>
> SSL support is not working [1], and it complicates the installation process. 
> It causes the inclusion of various libraries, and Java suuuuuucks for SSL 
> support.
> It would make James a lot simpler to remove SSL support and make SSL 
> termination somebody else's problem. These days it should be easy to use a 
> proxy (like nginx) or an ingress (for example in Kubernetes) to perform SSL 
> termination.
> It would be one less thing to maintain in James, one less thing that can go 
> wrong, one less step to take just to get a James server working, and a step 
> closer to providing good user support.
> {quote}[1] I define "working" by meaning that as a user, I follow the 
> instructions but it still does not work as intended.
> {quote}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to