[Dovecot] Protocol logging - TLS vs SSL

Charles Marcus CMarcus at Media-Brokers.com
Wed Feb 27 00:03:28 EET 2013


On 2013-02-26 4:26 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>
> Am 26.02.2013 22:19, schrieb Charles Marcus:
>> On 2013-02-26 3:59 PM, Ben Morrow <ben at morrow.me.uk> wrote:
>>> At  3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>>>> Now the only other question is, again already being contemplated by Timo
>>>> apparently, why the config file uses SSL...
>>> Why not?
>> Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?
> and you still do not understand that it is the same

I meant the new NAME. But obviously you're more interested in picking 
fights than having a conversation.

>>>> Timo, what I would suggest is allow the use of ssl in the config file
>>>> for backwards compat, but change future versions to use TLS...

>>> I would be against that idea.

>> My turn... why?

> because it is a useless change which makes
> code complexer and more error proof

Assuming you meant error-PRONE, that is ridiculous.

Postfix does things like this all the time (implementing something new 
but maintaining the old way for backwards compat). If it is done right, 
it won't hurt a thing (and I think we all know timo knows how to do 
things right).

>>>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>>>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>>>> basically forcing my phone to SSL?
>>> I suspect the difference is that the 'SSL' options use imap-over-SSL on
>>> port 993 while the 'TLS' options use STARTTLS over port 143.
>> Don't know how you or Reindl came to that conclusion, because the ports are specified separately.
> because if you would spend 10 seconds of
> your time with a default tunderbird setup
> you would see that STARTTLS is 143 and
> TLS/SSL is 993 because the port switchs
> with the dropdown change

Yes, but again, they are independent, and you can change the port if you 
like.

Question: can you use arbitrary ports for secure IMAP/POP/SMTP? I don't 
see why not. You can use arbitrary ports for secure http...

-- 

Best regards,

*/Charles/*



More information about the dovecot mailing list