On 10-11-11 20:28, Dick Middleton wrote:
On 11/10/11 19:17, Carlos Mennens wrote:
I asked a user today to make sure his incoming and outgoing email was using TLS. He told me it wasn't possible because my Dovecot / Postfix daemons were only listening on TCP 25 & 143 according to a port scan he did. He told me the only way I could enable encrypted secure sessions between the client & server is to enable port 993 (IMAPs).
Yes you are right. Port 993 is for IMAPS (SSH). TLS is normally on the same port as plain.
The difference between SSH and TLS is that with SSH the encryption is set up before any application communication takes place, i.e. all application packets are contained in the encrypted payload. With TLS the application starts communication and then the application sets up encryption of its payload.
On 11/10/2011 2:11 PM, Tom Hendrikx wrote:
You're contributing to the confusion.
SSL and TLS are practically the same, just another name for the same beast. The only difference is that SSL is the old name, and newer versions of the standard are labeled TLS. The term SSH is not in the scope of this question.
There are 2 ways of using SSL/TLS to encrypt sessions:
1. Set up a dedicated port where an SSL/TLS session can be set up before the actual data is transferred. This is what happens for IMAPS/993 and SMTPS/465.
2. Extend an existing protocol to enable SSL/TLS during an open session. This is called STARTTLS in several protocols, SMTP and IMAP being among them. And this is what happens on SMTP/25, Submission/587 and IMAP/143.
Note that although the second option is *named* STARTTLS, you probably could implement any server to *use* SSL 1.0 for the actual encryption (not recommended though).
The OP is offering STARTTLS for both services, which is good.
-- Regards, Tom
The confusion is caused by the way some client software differentiates these services in its configuration, often referring to wrappermode smtps/imaps as "SSL", and STARTTLS as "TLS".
-- Noel Jones
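A port scan that finds only 25 and 143 open says nothing about TLS; what matters on those ports is whether the server advertises STARTTLS in its capability reply. The sketch below is an added example, not code from this thread: it classifies a port as implicit TLS, STARTTLS or plaintext only from the server's reply, and the sample replies and function names are constructed for illustration.

```python
import re

# Constructed sample replies (not captured from the OP's server).
SMTP_EHLO = ("250-mail.example.org\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
             "250-STARTTLS\r\n250 8BITMIME\r\n")
IMAP_GREETING = "* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS LOGINDISABLED] ready\r\n"
IMAP_PLAIN = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] ready\r\n"

IMPLICIT_TLS_PORTS = {465: "SMTPS", 993: "IMAPS"}  # TLS handshake precedes protocol data
SMTP_PORTS = {25, 587}
IMAP_PORTS = {143}

def smtp_extensions(ehlo_reply):
    """Return EHLO keywords from '250-KEYWORD ...' / '250 KEYWORD ...' lines."""
    exts = set()
    # The first 250 line carries the server's greeting, not an extension.
    for line in ehlo_reply.splitlines()[1:]:
        m = re.match(r"250[- ](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts

def imap_capabilities(reply):
    """Collect atoms from '* OK [CAPABILITY ...]' or '* CAPABILITY ...' lines."""
    caps = set()
    for line in reply.splitlines():
        m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
             or re.match(r"\* CAPABILITY (.*)", line, re.I))
        if m:
            caps.update(atom.upper() for atom in m.group(1).split())
    return caps

def tls_mode(port, reply=""):
    """Classify how (or whether) a session on this port can be encrypted."""
    if port in IMPLICIT_TLS_PORTS:
        return "implicit TLS"
    if port in SMTP_PORTS:
        offered = "STARTTLS" in smtp_extensions(reply)
    elif port in IMAP_PORTS:
        caps = imap_capabilities(reply)
        offered = "STARTTLS" in caps
        if offered and "LOGINDISABLED" in caps:
            return "STARTTLS (plaintext LOGIN refused until upgraded)"
    else:
        return "unknown port"
    return "STARTTLS" if offered else "plaintext only"
```
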