-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason R. Mastaler wrote:
> Stephen Warren <[EMAIL PROTECTED]> writes:
>
>> I suppose it's technically possible to have tmda-ofmipd listen on
>> multiple ports e.g. one SSL, one TLS, but I'd certainly like to
>> ensure this set of changes gets stabilized first!
>
> What is the main difference between --ssl and --tls? It's not entirely
> clear to me. If I just use --ssl, am I giving up anything important
> that --tls offers?

I tried to explain how they work in the Howto in the Wiki.

Basically, SSL mode is just like HTTPS - before anything else happens, an SSL session is created, then SMTP happens purely inside that. Depending on the modularity of the SMTP client's code, the SMTP client may not even "know" that there's SSL.

In TLS mode, the connection starts out in plain-text just like a normal SMTP connection. The SMTP client issues EHLO first, then STARTTLS, both as regular SMTP commands. Then SSL is negotiated, and the whole SMTP process starts over - new EHLO, new AUTH, etc.

The main advantages of the two modes are:

SSL: This existed first, since it didn't require changes to SMTP client core protocol code.

TLS: Is more standardized; protocols are moving away from SSL mode towards having a STARTTLS command. This allows both plain-text and SSL to use the same server port, with SSL being negotiated - saves resources (port #s on servers, simpler firewall rules, etc.).

As a server, we need to support both modes, in order to support clients that only support one (not sure how common that is, but...)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF5IIXhk3bo0lNTrURAoF+AKCz0r+P2KGny7nBkdPEtDnemCkf4gCeKWSb
99RVlALelQjc35KRbeMxKNY=
=Cz+6
-----END PGP SIGNATURE-----

_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers
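The two connection-setup sequences described in the message above, written out as client-side logic in Python. This is an added example, not code from the message, from TMDA or from tmda-ofmipd: the server is a constructed scripted stand-in, the `--ssl`/`--tls` switch is modelled as a `mode` argument, and the TLS handshake is simulated by a flag (a real client would call `ssl.SSLContext.wrap_socket` at that point). The point it adds beyond the prose is the check a STARTTLS client needs: if EHLO does not advertise STARTTLS, stop rather than continue in plain text, and never send AUTH before the session is encrypted.

```python
import base64


class SmtpError(Exception):
    """Unexpected reply code or protocol violation."""


class TlsNotOffered(SmtpError):
    """EHLO did not advertise STARTTLS; we refuse to continue in plain text."""


class FakeTransport:
    """Constructed stand-in for an SMTP server behind a tiny transport API
    (sendline / readline / start_tls). Not tmda-ofmipd; replies are scripted."""

    def __init__(self, offer_starttls=True):
        self.offer_starttls = offer_starttls
        self.secured = False        # True once "TLS" has been negotiated
        self.log = []               # (secured, direction, text) per line on the wire
        self._pending = []
        self._greeted = False

    def start_tls(self):
        # Assumption: a real transport wraps its socket with an SSLContext here.
        self.secured = True
        self.log.append((True, "TLS", "handshake"))

    def sendline(self, line):
        self.log.append((self.secured, "C", line))
        self._pending.extend(self._respond(line))

    def readline(self):
        if not self._greeted:       # greeting is sent on connect (or after TLS in SSL mode)
            self._greeted = True
            self._pending.insert(0, "220 mail.example.test ESMTP ready")
        line = self._pending.pop(0)
        self.log.append((self.secured, "S", line))
        return line

    def _respond(self, cmd):
        verb = cmd.split(" ", 1)[0].upper()
        if verb == "EHLO":
            lines = ["250-mail.example.test"]
            if self.secured:
                lines.append("250-AUTH PLAIN LOGIN")   # AUTH only offered inside TLS
            elif self.offer_starttls:
                lines.append("250-STARTTLS")           # not re-advertised once TLS is up
            lines.append("250 8BITMIME")
            return lines
        if verb == "STARTTLS":
            if self.secured or not self.offer_starttls:
                return ["454 4.7.0 TLS not available"]
            return ["220 2.0.0 Ready to start TLS"]
        if verb == "AUTH":
            if self.secured:
                return ["235 2.7.0 Authentication successful"]
            return ["530 5.7.0 Must issue a STARTTLS command first"]
        return ["502 5.5.2 Command not implemented"]


def read_reply(t):
    """Read one (possibly multi-line) SMTP reply; return (code, [text lines])."""
    texts = []
    while True:
        line = t.readline()
        if len(line) < 3 or not line[:3].isdigit():
            raise SmtpError("malformed reply: %r" % line)
        texts.append(line[4:])
        if len(line) == 3 or line[3] == " ":
            return int(line[:3]), texts
        if line[3] != "-":
            raise SmtpError("malformed reply: %r" % line)


def ehlo(t, helo_name="client.example.test"):
    """Send EHLO; return advertised capabilities as {KEYWORD: parameters}."""
    t.sendline("EHLO " + helo_name)
    code, texts = read_reply(t)
    if code != 250:
        raise SmtpError("EHLO rejected: %d" % code)
    caps = {}
    for text in texts[1:]:          # texts[0] is the server's own name
        keyword, _, params = text.partition(" ")
        caps[keyword.upper()] = params
    return caps


def open_session(t, mode, username, password):
    """Set up the connection in 'ssl' or 'tls' mode, then AUTH PLAIN.
    Returns the capability set the AUTH decision was based on."""
    if mode == "ssl":
        t.start_tls()               # handshake first; all of SMTP runs inside TLS
    elif mode != "tls":
        raise ValueError("mode must be 'ssl' or 'tls'")
    code, _ = read_reply(t)
    if code != 220:
        raise SmtpError("bad greeting: %d" % code)
    caps = ehlo(t)
    if mode == "tls":
        if "STARTTLS" not in caps:
            raise TlsNotOffered("server did not offer STARTTLS")
        t.sendline("STARTTLS")
        code, _ = read_reply(t)
        if code != 220:
            raise SmtpError("STARTTLS refused: %d" % code)
        t.start_tls()
        caps = ehlo(t)              # start over: pre-TLS capabilities are discarded
    if not t.secured:
        raise SmtpError("refusing to authenticate on a plaintext connection")
    if "PLAIN" not in caps.get("AUTH", "").upper().split():
        raise SmtpError("server does not offer AUTH PLAIN")
    token = base64.b64encode(("\0%s\0%s" % (username, password)).encode()).decode()
    t.sendline("AUTH PLAIN " + token)
    code, _ = read_reply(t)
    if code != 235:
        raise SmtpError("authentication failed: %d" % code)
    return caps


def plaintext_lines(t):
    """Everything that crossed the wire before TLS was up (for inspection)."""
    return [text for secured, _, text in t.log if not secured]


def refuses_downgrade(t):
    """True if open_session in tls mode stops when STARTTLS is not offered."""
    try:
        open_session(t, "tls", "alice", "s3cret")
    except TlsNotOffered:
        return not t.secured
    return False
```

In ssl mode `plaintext_lines` is empty, since even the 220 greeting is read inside the session; in tls mode the greeting, the first EHLO exchange and the STARTTLS command itself are the only plaintext lines, and the second EHLO is the one whose AUTH advertisement is acted on. A transport that is handed a server which never advertises STARTTLS raises `TlsNotOffered` instead of sending credentials, which is the behaviour a client needs against a plaintext-forcing middlebox.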
