[Dovecot] Protocol logging - TLS vs SSL

Reindl Harald h.reindl at thelounge.net
Tue Feb 26 23:26:39 EET 2013



Am 26.02.2013 22:19, schrieb Charles Marcus:
> On 2013-02-26 3:59 PM, Ben Morrow <ben at morrow.me.uk> wrote:
>> At  3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>>> Now the only other question is, again already being contemplated by Timo
>>> apparently, why the config file uses SSL...
>> Why not?
> 
> Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?

and you still do not understand that it is the same

>>> Timo, what I would suggest is allow the use of ssl in the config file
>>> for backwards compat, but change future versions to use TLS...
> 
>> I would be against that idea.
> 
> My turn... why?

because it is a useless change which makes
code complexer and more error proof

>>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>>> basically forcing my phone to SSL?
> 
>> I suspect the difference is that the 'SSL' options use imap-over-SSL on
>> port 993 while the 'TLS' options use STARTTLS over port 143.
> 
> Don't know how you or Reindl came to that conclusion, because the ports are specified separately.

because if you would spend 10 seconds of
your time with a default tunderbird setup
you would see that STARTTLS is 143 and
TLS/SSL is 993 because the port switchs
with the dropdown change

> So, I can specify port 993, and TLS.

and if you specify STARTTLS on port 993 it would not work
also SSL/TLS without STARTTLS on 143 would not work

why?

because 143 is STARTTLS (google) and 993 is SSL

the same for SMTP

STARTTLS: 25 or 587 (submission)
SSL/TLS: 465 (deprecated and NOT STARTTLS)

> Well, you're obviously right about it being confusing, and that in and of itself is not a good thing...
> Oh well, whatever, it isn't that big a deal...

and that is why ANY touching of server source code is not worth

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130226/d5d175ba/attachment.bin>


More information about the dovecot mailing list