Timo Sirainen a écrit :
On Sat, 2009-06-27 at 20:06 +0200, Jean-Noel Chardron wrote:
This is the protocol: the server announces its capability but can not force the use of TLS which is an initiative of the client.
Server can't force clients to do STARTTLS, but it can prevent clients from being able to log in without it. This is what Dovecot does by default, with disable_plaintext_auth=yes. If it's enabled and STARTTLS isn't used and client tries to log in, Dovecot says:
1 login foo bar
- BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. 1 NO [CLIENTBUG] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
very interesting, I didn't think about it. This may indeed be the case. and thus forcing the users to make the choice of TLS in a hostile environment. however then this rule will also apply to an environment of "friendly" on the local network. This is not the goal for sedentary among us, unless the default configuration of clients was not "plain text" but "do TLS if possible".