Here is my 2 pence (Please someone correct me if I'm wrong).

STARTTLS and TLS do eventually use the TLS protocol (which I think is just an 
updated version of SSL). The difference is that with STARTTLS, the SMTP client 
(e.g. Thunderbird) will connect to the server unencrypted, then if the SMTP 
server (Postfix) announces "STARTTLS", Thunderbird will negotiate a key exchange 
then continue the rest of the connection encrypted.

With "normal" TLS, the encrypted connection happens from the start, and both 
server and client will need keys on each end set up beforehand.

That's my take on it...


-----Original Message-----
From: owner-postfix-us...@postfix.org on behalf of Stan Hoeppner
Sent: Tue 3/2/2010 07:51
To: postfix-users@postfix.org
Subject: Re: tls vs ssl
 
Daniel L. Miller put forth on 3/2/2010 1:18 AM:
> OK - I'm an idiot.  I'll just admit that up front and get it out of the
> way.
> 
> Now that that's settled, what is the difference between "SSL" and "TLS"
> in a MUA - particularly Thunderbird - in a Postfix context?
> 
> I would have sworn I used to use Thunderbird with "SSL" specified and
> connected to my Postfix servers fine.  Now, I can only connect in "TLS"
> mode.  What did I break?

It's unlikely you'd forget setting up SSL.  You would have likely created a
self signed server certificate and would have installed it on all clients
connecting to the server, just as must be done with web browsers connecting
to a secure site for the first time.

You've likely been using STARTTLS only, which doesn't require a key exchange
as SSL/TLS does.  STARTTLS != TLS.

-- 
Stan
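
An added illustration, not part of the original messages: the order of steps an SMTP client follows for STARTTLS (RFC 3207) versus TLS from the first byte, plus the check for a server reply that does not advertise STARTTLS. The EHLO replies, the host name mail.example.org and the function names are constructed for this sketch.

```python
# Added example. The EHLO replies below are constructed, not captured output.
EHLO_WITH = "250-mail.example.org\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
EHLO_WITHOUT = "250-mail.example.org\n250-SIZE 10240000\n250 8BITMIME"


def parse_ehlo(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 EHLO reply."""
    keywords = set()
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line only carries the server's name
        # "250-KEYWORD ..." is a continuation line, "250 KEYWORD ..." the last
        parts = line[4:].split()
        if not line.startswith("250") or not parts:
            raise ValueError("unexpected EHLO line: %r" % line)
        keywords.add(parts[0].upper())
    return keywords


def plan_session(mode, ehlo_reply=""):
    """Ordered client steps for 'implicit' TLS or 'starttls' (hypothetical names)."""
    if mode == "implicit":
        # TLS handshake comes first; no SMTP command is ever sent in cleartext.
        return ["tcp-connect", "tls-handshake", "EHLO", "AUTH/MAIL"]
    if mode == "starttls":
        steps = ["tcp-connect", "EHLO (cleartext)"]
        if "STARTTLS" not in parse_ehlo(ehlo_reply):
            # Server (or something in the path) did not offer the upgrade:
            # a client that requires encryption stops here.
            return steps + ["QUIT (refuse to send in cleartext)"]
        # Same TLS handshake as the implicit case, only started later;
        # EHLO is repeated because the cleartext reply is not trusted.
        return steps + ["STARTTLS", "tls-handshake", "EHLO", "AUTH/MAIL"]
    raise ValueError("unknown mode: %r" % mode)


if __name__ == "__main__":
    for label, args in [("implicit", ("implicit",)),
                        ("starttls offered", ("starttls", EHLO_WITH)),
                        ("starttls missing", ("starttls", EHLO_WITHOUT))]:
        print(label + ": " + " -> ".join(plan_session(*args)))
```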
