<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<div class="moz-cite-prefix">Le 3/2/21 à 9:04 PM, Arjen de Korte a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:20210302210412.Horde.C5zo5xrHb4wr9YvhqEP5Jgw@mail.de-korte.org">Citeren
Voytek Eymont <a class="moz-txt-link-rfc2396E" href="mailto:voytek@sbt.net.au"><voytek@sbt.net.au></a>:
<br>
<br>
<blockquote type="cite">On Wed, March 3, 2021 1:17 am, Yassine
Chaouche wrote:
<br>
hmm, just tried this, 110/143 gives error, 995/993 doesn't:
<br>
<br>
I'll try changing in TB to SSL/TLS not StartTLS, 995 or 993,
etc, and, see
<br>
if error goes
<br>
<br>
# echo | openssl s_client -connect emu.sbt.net.au:110
2>/dev/null |
<br>
openssl x509 -noout
<br>
-enddate
<br>
</blockquote>
<br>
On port 110/143 you need to tell the POP3/IMAP server to upgrade
the connection to TLS. In that case, it will work just fine:
<br>
<br>
# echo | openssl s_client -connect emu.sbt.net.au:110 -starttls
pop3 2>/dev/null | openssl x509 -noout -enddate
<br>
notAfter=Apr 27 12:11:32 2021 GMT
<br>
<br>
#echo | openssl s_client -connect emu.sbt.net.au:143 -starttls
imap 2>/dev/null | openssl x509 -noout -enddate
<br>
notAfter=Apr 27 12:11:32 2021 GMT
<br>
<br>
Remember that there is a difference between connections that are
upgraded to TLS (110/143) and connections that use SSL by default
(995/993). If you don't tell the first that you want to use TLS,
the server will not present the certificate, unlike the latter.
<br>
<br>
Regards, Arjen
<br>
<br>
</blockquote>
<b>tl;dr </b>: use<b> -starttls </b>if you want TLS on a non-TLS
port.<br>
<br>
-- Yassine<br>
</body>
</html>