On 2013-02-26 3:59 PM, Ben Morrow <b...@morrow.me.uk> wrote:
> At 3PM -0500 on 26/02/13 you (Charles Marcus) wrote:
>> Now the only other question is, again already being contemplated by Timo
>> apparently, why the config file uses SSL...
> Why not?

Because, as has been pointed out, TLS is the 'new', and SSL is the 'old'?

>> Timo, what I would suggest is allow the use of ssl in the config file
>> for backwards compat, but change future versions to use TLS...
>
> I would be against that idea.

My turn... why?

>> I'm curious though... I'm fairly certain that my Android phone
>> differentiates between SSL and TLS, with choices something like:
>>
>> NONE
>> SSL if available
>> SSL Always
>> TLS if available
>> TLS Always
>>
>> And I always choose (chose - from now on I'll choose TLS) 'SSL Always',
>> so shouldn't these connections show 'SSL' instead of TLS, since I'm
>> basically forcing my phone to SSL?
>
> I suspect the difference is that the 'SSL' options use imap-over-SSL on
> port 993 while the 'TLS' options use STARTTLS over port 143.

Don't know how you or Reindl came to that conclusion, because the ports are specified separately.

So, I can specify port 993, and TLS.

> The IETF caused completely unnecessary confusion by using 'TLS' to refer to two
> different things: a (backwards-compatible) minor revision of the SSL
> protocol itself, and a change in the recommended way of using it. Almost
> all SSL connections nowadays will be using SSL 3.2 or 3.3 (that is, the
> TLS 1.1 or 1.2 protocol), even imaps and https connections using the
> old-fashioned approach of using a different port dedicated to SSL
> connections. In principle there's no reason why an IMAP STARTTLS
> connection couldn't negotiate SSL 2.0, but that would be a bad idea
> since SSL 2.0 is known to be insecure.

Well, you're obviously right about it being confusing, and that in and of itself is not a good thing...

Oh well, whatever, it isn't that big a deal...

--

Best regards,

*/Charles/*
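
The distinction discussed in this thread (protocol version versus dedicated port or STARTTLS), as an added example that is not part of the original message: a small Python parser that reads the version a client offers from its first handshake bytes, wherever those bytes start. The function names and the sample bytes are constructed for illustration, and the STARTTLS handling assumes it is the client's first IMAP command.

```python
# Wire versions: TLS kept SSL's numbering, so TLS 1.1 is 3.2 and TLS 1.2 is 3.3.
NAMES = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
         (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def classify_client_hello(data: bytes) -> tuple:
    """Return (framing, highest version offered) for a client's first TLS bytes."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSL 2.0 framing: 15-bit length, msg type 1 (CLIENT-HELLO), then version.
        framing, version = "SSLv2 record", (data[3], data[4])
    elif len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSL 3.0+/TLS: record header (5 bytes), handshake header (4 bytes),
        # then client_version. TLS 1.3 is signalled in an extension, not parsed here.
        framing, version = "SSLv3/TLS record", (data[9], data[10])
    else:
        raise ValueError("not a ClientHello")
    return framing, NAMES.get(version, "unknown %d.%d" % version)

def offered_version(client_bytes: bytes, starttls: bool) -> tuple:
    """Locate the ClientHello in a client's byte stream for either connection style."""
    if starttls:
        # Simplification: STARTTLS is assumed to be the client's first IMAP command.
        line, sep, client_bytes = client_bytes.partition(b"\r\n")
        if not sep or line.upper().split()[1:] != [b"STARTTLS"]:
            raise ValueError("expected a tagged STARTTLS command")
    return classify_client_hello(client_bytes)

def sample_hello(version: tuple) -> bytes:
    """Constructed, truncated ClientHello: correct headers, zero-filled random."""
    body = bytes(version) + bytes(32)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    hello = sample_hello((3, 3))
    # Dedicated-port style (993): the hello is the first thing on the wire.
    print(offered_version(hello, starttls=False))
    # STARTTLS style (143): the same hello follows the plaintext command.
    print(offered_version(b"a1 STARTTLS\r\n" + hello, starttls=True))
    # Constructed SSL 2.0 CLIENT-HELLO header, the case a server should refuse.
    print(classify_client_hello(b"\x80\x2e\x01\x00\x02" + bytes(43)))
```
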
