[Dovecot] SSL / TLS

Timo Sirainen tss at iki.fi
Sun Jun 28 00:07:15 EEST 2009


On Sat, 2009-06-27 at 20:06 +0200, Jean-Noel Chardron wrote:
> This is the protocol: the server announces its capability but can not 
> force the use of TLS which is an initiative of the client.

Server can't force clients to do STARTTLS, but it can prevent clients
from being able to log in without it. This is what Dovecot does by
default, with disable_plaintext_auth=yes. If it's enabled and STARTTLS
isn't used and client tries to log in, Dovecot says:

1 login foo bar
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
1 NO [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.

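What the [ALERT] line implies for log or capture review, as an added example (not part of the original post and not Dovecot code): the refusal arrives only after the client has sent the password in the clear, so every LOGIN seen before STARTTLS completes counts as an exposed credential whether or not the server rejected it. The `C:`/`S:` transcript format and the `audit` function are assumptions; all sample lines other than the two server replies quoted above are constructed.

```python
import re

# Constructed sample transcript, direction-tagged the way a client debug log
# might record it. Only the two refusal lines are taken from the post.
SAMPLE = """\
S: * OK Dovecot ready.
C: 1 login foo bar
S: * BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
S: 1 NO [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
C: 2 starttls
S: 2 OK Begin TLS negotiation now.
C: 3 login foo bar
S: 3 OK Logged in.
"""

CMD = re.compile(r"^(\S+)\s+(\S+)")  # IMAP tag, then command or status word

def audit(transcript):
    """Return one finding per LOGIN command sent before TLS was established."""
    findings, tls, pending_tls, logins = [], False, None, {}
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        m = CMD.match(text)
        if not m:
            continue
        tag, word = m.group(1), m.group(2).upper()
        if side == "C":
            if word == "STARTTLS":
                pending_tls = tag
            elif word == "LOGIN" and not tls:
                # The password is already on the wire at this point.
                logins[tag] = {"tag": tag, "exposed": True, "refused": False}
                findings.append(logins[tag])
        elif side == "S":
            if tag == pending_tls and word == "OK":
                tls, pending_tls = True, None  # later commands are inside TLS
            elif tag in logins and word in ("NO", "BAD"):
                logins[tag]["refused"] = True
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with `refused` set to false means the server accepted a plaintext login, which is what a transcript would show if disable_plaintext_auth were not in effect.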