[Dovecot] Protocol logging - TLS vs SSL

Reindl Harald h.reindl at thelounge.net
Tue Feb 26 23:49:48 EET 2013


On 26.02.2013 22:38, Charles Marcus wrote:
> On 2013-02-26 3:55 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> TLS is practically the next SSL version after SSL 3.0 and internally SSL 3.x, in fact it is only a wording issue
> 
> Prove it.

damned i have proven it at least an hour ago
read the first line of the following link

http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0
TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, "the
differences between this protocol and SSL 3.0 are not dramatic, but they are significant to preclude
interoperability between TLS 1.0 and SSL 3.0." TLS 1.0 does include a means by which a TLS implementation can
downgrade the connection to SSL 3.0, thus weakening security.

>> pfffffff
>>
>> SSL if available: use port 993 if available, but you may use 143 unencrypted
>> SSL Always:       use always port 993
>> TLS if available: use STARTTLS on 143 if available, but if not use no encryption
>> TLS Always:       use always STARTTLS on 143
> 
> pffffffffff yourself - in fact, I just visually confirmed...
> The native Android mail shows these choices

it does not interest me what you have VISUALLY confirmed
there are only two choices:

* the client does show you bullshit because
  it is not his job to explain the differences to you
  and it knows better than you that on 143 he has
  to use STARTTLS which he can not do on 993

* the client fails with STARTTLS on 993 or TLS/SSL
  on 143, the same for smtps/pop3s

i guess he does the first of the two choices
______________________________

in fact 993 is SSL/TLS and NOT STARTTLS
in fact 143 is unencrypted or STARTTLS

try it out, configure postfix 587/465 the wrong way around
and look what happens, or configure postfix to relay to
a server via SSL on port 465 which does not support STARTTLS
and look what happens

Google: "difference ssl starttls"
http://luxsci.com/blog/ssl-versus-tls-whats-the-difference.html

here you have a real good explanation WHAT STARTTLS is
and yes, in this context there is no difference between pop3/imap3/smtp
http://www.postfix.org/CVE-2011-0411.html
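
Added example, not part of the original post: a Python sketch of the two behaviours argued about above, run entirely in memory. It shows an implicit-TLS handshake (993 style) failing when the peer answers with a plaintext IMAP greeting (143 style), and how "TLS always" and "TLS if available" differ when STARTTLS is not advertised. The function names, the sample server lines and the host name mail.example.org are assumptions made for illustration.

```python
import ssl

# Constructed sample server lines, not captured traffic.
GREETING = b"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
CAPS_NO_STARTTLS = b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"


def implicit_tls_to_plaintext_port(server_bytes):
    """Begin a TLS handshake the way a client does on 993, but feed it what a
    plaintext 143 listener sends first. Returns (client_hello, tls_error)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # mail.example.org is a placeholder name; no network connection is made.
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="mail.example.org")
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # the ClientHello is now queued in `outgoing`
    client_hello = outgoing.read()
    incoming.write(server_bytes)  # IMAP greeting where a ServerHello is expected
    try:
        tls.do_handshake()
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
        return client_hello, None
    except ssl.SSLError as exc:
        return client_hello, exc  # the greeting is not a valid TLS record
    return client_hello, None


def starttls_action(capability_line, policy):
    """What a client on 143 does: policy is 'always' or 'if_available'."""
    text = capability_line.decode("ascii", "replace").upper()
    caps = text.replace("[", " ").replace("]", " ").split()
    if "STARTTLS" in caps:
        return "starttls"
    # Not advertised: unsupported, or removed by something in the path.
    return "abort" if policy == "always" else "plaintext"


if __name__ == "__main__":
    hello, err = implicit_tls_to_plaintext_port(GREETING)
    print("first client byte: 0x%02x, handshake error: %r" % (hello[0], err))
    for line in (GREETING, CAPS_NO_STARTTLS):
        for policy in ("always", "if_available"):
            print(policy, "->", starttls_action(line, policy))
```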

