At 4PM -0500 on 26/02/13 you (Charles Marcus) wrote:
On 2013-02-26 3:59 PM, Ben Morrow <ben@morrow.me.uk> wrote:
At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
Now the only other question is, again already being contemplated by Timo apparently, why the config file uses SSL... Why not?
Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?
Timo, what I would suggest is allow the use of ssl in the config file for backwards compat, but change future versions to use TLS...
I would be against that idea.
My turn... why?
I'm generally against gratuitous changes for no good reason.
I'm curious though... I'm fairly certain that my Android phone differentiates between SSL and TLS, with choices something like:
NONE
SSL if available
SSL Always
TLS if available
TLS Always
And I always choose (chose - from now on I'll choose TLS) 'SSL Always', so shouldn't these connections show 'SSL' instead of TLS, since I'm basically forcing my phone to SSL?
I suspect the difference is that the 'SSL' options use imap-over-SSL on port 993 while the 'TLS' options use STARTTLS over port 143.
Don't know how you or Reindl came to that conclusion, because the ports are specified separately.
So, I can specify port 993, and TLS.
OK. What happens if you do that? Does the client start with an SSL ClientHello, or does it start by waiting for a plain-text OK IMAP response and then issuing CAPABILITY or STARTTLS in plain text? I suspect it does the latter, which will not work with any ordinarily-configured IMAP server (though of course it would be *possible* to configure Dovecot to support that).
Ben
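The distinction discussed in this thread (a client that opens with a ClientHello versus one that waits for a plain-text greeting) can be checked from the first bytes on the wire. The following is an added example, not part of the original thread or of Dovecot; the hostname, greeting text and listener labels are constructed, and the listeners are simulated with socketpair() so it runs offline.

```python
import socket
import ssl

def first_client_bytes_tls(hostname="imap.example.test"):  # constructed hostname
    """Bytes an implicit-TLS client sends first: a real ClientHello, built in memory."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no server has answered yet
    return outgoing.read()

def classify(data):
    """Label the first bytes seen on a connection."""
    # TLS record: type 0x16 (handshake), version 0x03xx, handshake type 0x01 (ClientHello)
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(b"* OK"):
        return "imap-greeting"
    return "other"

def who_speaks_first(sock, wait=0.5):
    """Client-side check: does the listener greet in plain text or stay silent?"""
    sock.settimeout(wait)
    try:
        data = sock.recv(512)
    except socket.timeout:
        return "silent"  # listener is waiting for a ClientHello (implicit TLS)
    return classify(data)

def demo():
    """Run the check against two constructed listeners (no network, no real server)."""
    results = {}
    cases = (("plain-143-style", b"* OK ready\r\n"), ("implicit-993-style", None))
    for name, greeting in cases:
        client, server = socket.socketpair()
        if greeting:
            server.sendall(greeting)  # plain IMAP listener speaks first
        results[name] = who_speaks_first(client)
        client.close()
        server.close()
    return results

if __name__ == "__main__":
    print(classify(first_client_bytes_tls()))
    print(demo())
```

A client that waits for the greeting on a "silent" listener sees nothing until one side times out, which is the failure Ben describes for STARTTLS-style behaviour on port 993.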