On 11/10/2011 2:11 PM, Tom Hendrikx wrote:
> On 10-11-11 20:28, Dick Middleton wrote:
>> On 11/10/11 19:17, Carlos Mennens wrote:
>>> I asked a user today to make sure his incoming and outgoing email was
>>> using TLS. He told me it wasn't possible because my Dovecot / Postfix
>>> daemons were only listening on TCP 25 & 143 according to a port scan
>>> he did. He told me the only way I could enable encrypted secure
>>> sessions between the client & server is to enable port 993 (IMAPs).
>>
>> Yes you are right. Port 993 is for IMAPS (SSH). TLS is normally on the same
>> port as plain.
>>
>> The difference between SSH and TLS is that with SSH the encryption is set up
>> before any application communication takes place. i.e. all application packets
>> are contained in the encrypted payload. With TLS the application starts
>> communication and then the application sets up encryption of its payload.
>>
>
> You're contributing to the confusion.
>
> SSL and TLS are practically the same, just another name for the same
> beast. The only difference is that SSL is the old name, and newer
> versions of the standard are labeled TLS. The term SSH is not in the
> scope of this question.
>
> There are 2 ways of using SSL/TLS to encrypt sessions:
>
> 1) Set up a dedicated port where a SSL/TLS session can be set up before
> the actual data is transferred. This is what happens for IMAPS/993 and
> SMTPS/465.
>
> 2) Extend an existing protocol to enable SSL/TLS during an open session.
> This is called STARTTLS in several protocols, SMTP and IMAP being among
> them. And this is what happens on SMTP/25, Submission/587 and IMAP/143.
>
> Note that although the second option is *named* STARTTLS, you probably
> could implement any server to *use* SSL 1.0 for the actual encryption
> (not recommended though).
>
> The OP is offering STARTTLS for both services, which is good.
>
> --
> Regards,
> Tom

The confusion is caused by the way some client software differentiates these services in their configuration, often referring to wrappermode smtps/imaps as "SSL", and STARTTLS as "TLS".

-- 
Noel Jones
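
Added example, not part of the original thread: a port scan that shows only 25 and 143 says nothing about TLS, because on those ports TLS is offered as a STARTTLS capability inside the plaintext session. The sketch below classifies a port from the server's capability reply; the function names and the sample replies are constructed for illustration.

```python
import re

# Ports named in the thread and how each one carries TLS.
IMPLICIT_TLS = {993: "imaps", 465: "smtps"}            # TLS handshake before any protocol data
UPGRADE_PORTS = {25: "smtp", 587: "smtp", 143: "imap"}  # plaintext first, STARTTLS upgrade

# Constructed sample replies, as a client would see them before any TLS.
SMTP_EHLO = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
IMAP_GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] Dovecot ready.\r\n"
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n"

def smtp_offers_starttls(ehlo_reply):
    """True if an EHLO reply ('250-KEYWORD' / '250 KEYWORD' lines) lists STARTTLS."""
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def imap_offers_starttls(reply):
    """True if a '* CAPABILITY ...' line or a '[CAPABILITY ...]' greeting code lists STARTTLS."""
    for line in reply.splitlines():
        m = re.search(r"(?:^\*\s+|\[)CAPABILITY\s+([^\]\r\n]*)", line.strip(), re.I)
        if m and "STARTTLS" in m.group(1).upper().split():
            return True
    return False

def tls_mode(port, reply=""):
    """Classify a mail port as implicit TLS, STARTTLS, plaintext only, or unknown."""
    if port in IMPLICIT_TLS:
        return "implicit TLS"
    proto = UPGRADE_PORTS.get(port)
    if proto is None:
        return "unknown"
    check = imap_offers_starttls if proto == "imap" else smtp_offers_starttls
    return "STARTTLS" if check(reply) else "plaintext only"

if __name__ == "__main__":
    for port, reply in [(25, SMTP_EHLO), (143, IMAP_GREETING), (143, IMAP_NO_TLS), (993, "")]:
        print(port, tls_mode(port, reply))
```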