STARTTLS is the negotiated protocol of SSL. it's a method of establishing the connection using plain text, becoming aware that the server supports an encrypted layer and then initiating an SSL session. plain SSL is the "dumb", or blind, approach to smtps. failure to negotiate SSL via protocol means a possibly lengthy session timeout with no clear explanation why the session failed.
why to use SSL rather than TLS? generally any server that supports plain SSL should also support TLS. there are corner cases. while rare, it's nice to be able to say yep, we got that covered too. -david On 07/23/11 16:02, Eric Vicenti wrote: > The SMTP protocol can be encrypted at a low level with either TLS or > SSL. It depends on the SMTP server. Most hosts will offer one or both, > and they should tell you, as well as the corresponding port (typically > 465 or 587 for secured connections). If you are configured with TLS or > no security when you should be using SSL, web2py requests will take a > few minutes and eventually the server will report a message send > failure. > > Further reading: > http://en.wikipedia.org/wiki/SMTPS > > -Eric > > On Jul 23, 7:59 am, Jonathan Lundell <[email protected]> wrote: >> On Jul 23, 2011, at 12:30 AM, Eric Vicenti wrote: >> >>> I was having difficulties sending from web2py, when I realized there >>> is no SSL encryption support. Since this is already built into >>> smtplib, it was a simple addition. I should mention this wont work on >>> GAE, and I have not comprehensively tested it. >> Under what circumstances would you use ssl vs tis?
