On 03.07.2013 00:14, anonymous coward wrote: > Oh, I just checked, I used STARTTLS, which actually is port 143.
If STARTTLS was enforced for IMAP (port 143) it is safe like SSL for IMAPS (port 993). But Tor does not know, if STARTTLS was enforced or only desired in your Thunderbird configuration. If it was only desired it is possible for an attacker to disable TLS encryption by override the signal to start the TLS handshake. Tor will give you a warning about possible insecure connection. But did not know if the connection was really insecure. Latest Thunderbird versions enforce STARTTLS if it was selected. The weak option "Use STARTTLS if possible" is not available any more in Thunderbird. You may use IMAP with STARTTLS, if your provider does not offer IMAPS. Best regards Karsten N. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
