pop 110/995, imap 143/993 ?

Sebastian Arcus s.arcus at open-t.co.uk
Mon Aug 21 18:45:16 EEST 2017


On 21/08/17 16:25, Robert Wolf wrote:
> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> 
>> On 21/08/17 13:39, Robert Wolf wrote:
>>>
>>> On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>>>
>>>>
>>>> On 21/08/17 10:37, Gedalya wrote:
>>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote:
>>>>>> is there a 'preferred way'?  should I tell users to use 143 over 993 ?
>>>>>> or 993 over 143? or?
>>>>> There is no concrete answer. There are various opinions and feelings
>>>>> about this.
>>>>> The opinion against 993/995 is that these are not standard ports,
>>>>
>>>> Out of curiosity, is there a source for this? It's the first time I hear
>>>> that 993/995 are not standard ports - and searching on the Internet, I
>>>> can't find any evidence to back it up? Also, pretty much all email
>>>> software has been using them for the past 20 years or so. It seems like a
>>>> curiously high rate of adoption for a non-standard :-)
>>>
>>>
>>> Hello,
>>>
>>> IMHO the "not standard ports" is meant as "old, useless ports now".
>>
>> So in short, ports 993/995 are IANA officially approved, and thus "standard".
>> Further to this, they are in use by the vast majority of email providers, and
>> as far as I can tell, there are no functional or security disadvantages to
>> using SSL over 993/995 - instead of STARTTLS over 110/143.
> 
> 
> Hello Sebastian,
> 
>> there are no functional disadvantages
> 
> *** As I have written, only if some protocol can be used in just plain-text
> mode, then the SSL ports generate additional encryption load. CPU is probably
> no problem today, but I have seen some slower SSL connection on higher latency
> network. I am not SSL profi, but it looks like there is some ACK in SSL after
> some "SSL packet" which makes slower connection on high latency network,
> because SSL must wait for packet ACK. In plain-text connection, TCP requires
> ACK too, but TCP can open big window and send many data at once and wait only
> for the last ACK.
> 
> 
>> there are no security disadvantages
> 
> *** Exactly, there is really no security disadvantage to use SSL ports, the
> encryption is same, resp. there is security advantage to use SSL ports to be
> sure that every communication is encrypted from start and client cannot send
> anything plaintext.

Hi Rob - thank you for the clarification. It is interesting information.
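
Added example, not part of the original thread and not Dovecot code: the point quoted above, that on 993 the client "cannot send anything plaintext", comes down to a decision that only exists on port 143, where the capability list arrives before any encryption. The sketch below makes that decision explicit for a client that refuses cleartext credentials, and adds a server-side check of the same pre-TLS list. The function names and sample lines are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on what an IMAP server sends on port 143
# before any TLS is in place (not captured from a real host).
SAMPLES = {
    "starttls_enforced": "* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS LOGINDISABLED] ready.",
    "starttls_optional": "* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS AUTH=PLAIN] ready.",
    "no_starttls": "* OK [CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN] ready.",
    "bare_greeting": "* OK ready.",
}

_CAPS = re.compile(r"(?:\[CAPABILITY ([^\]]+)\]|^\* CAPABILITY (.+)$)", re.IGNORECASE)

def parse_capabilities(line):
    """Return the capability atoms in a greeting or CAPABILITY reply, or None if absent."""
    m = _CAPS.search(line.strip())
    if not m:
        return None
    return {atom.upper() for atom in (m.group(1) or m.group(2)).split()}

def client_next_step(port, line):
    """Next action for a client whose policy is never to send credentials in cleartext."""
    if port == 993:
        return "AUTHENTICATE"      # implicit TLS: handshake completed before this line arrived
    caps = parse_capabilities(line)
    if caps is None:
        return "SEND_CAPABILITY"   # greeting carried no list; ask before deciding
    if "STARTTLS" in caps:
        return "STARTTLS"          # upgrade first, then re-read capabilities inside TLS
    return "ABORT"                 # no upgrade offered: do not fall back to plaintext

def server_accepts_cleartext_login(line):
    """True/False if the pre-TLS list permits LOGIN or a SASL mechanism; None if unknown."""
    caps = parse_capabilities(line)
    if caps is None:
        return None
    return "LOGINDISABLED" not in caps or any(c.startswith("AUTH=") for c in caps)
```
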

