Mail clients offer both settings, STARTTLS and SSL/TLS. What is the difference between STARTTLS and SSL/TLS?
And yes, STARTTLS is definitely less secure. Not only can it fall back to plaintext without notification, but it is also subject to man-in-the-middle attacks. Since the connection starts out in the clear, a MitM can strip out the STARTTLS command and prevent the encryption from ever occurring.
STARTTLS was indeed intended to deprecate the "duplicated" ports, one with encryption and one without, but it is STARTTLS that is being effectively deprecated.
Both direct TLS mode and TLS upgrade using STARTTLS can use client certificates. The only difference between these modes is that with STARTTLS you start with a plain connection and later upgrade if the server announces support for STARTTLS.
StartTLS is a protocol command used to inform the email server that the email client wants to upgrade from an insecure connection to a secure one using TLS or SSL. StartTLS is used with SMTP and IMAP, while POP3 uses the slightly different command for encryption, STLS.
The clearest explanation that I've read is from FastMail:
SSL and TLS both provide a way to encrypt a communication channel between two computers (e.g. your computer and our server). TLS is the successor to SSL and the terms SSL and TLS are used interchangeably unless you're referring to a specific version of the protocol.
STARTTLS is a way to take an existing insecure connection, and upgrade it to a secure connection using SSL/TLS. Note that despite having TLS in the name, STARTTLS doesn't mean you have to use TLS, you can use SSL.
Read the rest of the info they have, including a discussion of port numbers and POP/IMAP vs SMTP, here: https://www.fastmail.fm/help/technology_ssl_vs_tls_starttls.html
The question is quite vague, but I guess I understand it. STARTTLS means "explicit TLS", where the connection is established on the regular port and then the STARTTLS command is sent to initiate the SSL handshake and switch to protection mode. The other option probably means implicit SSL/TLS on a dedicated port. In implicit mode the handshake takes place first, and then the application-level protocol runs over the established secure channel.
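The two connection modes described in the answers above, as an added example that is not part of the original thread or of any mail client's code: `connect_implicit` opens the dedicated-port (SMTPS, 465) path where the TLS handshake comes first, and `connect_explicit` opens the regular port (587), reads the EHLO capabilities and only then upgrades. The offline part, `parse_ehlo` and `starttls_allowed`, shows the check a client needs for the downgrade concern raised earlier in the thread: if the STARTTLS capability is absent from the EHLO reply, whether because the server lacks it or because the line was stripped in transit, a client configured to require TLS must abort rather than silently continue in the clear. The hostname `mail.example.test` and the two EHLO replies are constructed for the demonstration; the network functions use only the standard `smtplib` and `ssl` APIs.

```python
"""Explicit (STARTTLS on 587) vs implicit (SMTPS on 465) TLS for SMTP,
plus a fail-closed STARTTLS capability check.
Added example; not code from the original thread."""
import re
import smtplib
import ssl


def make_tls_context() -> ssl.SSLContext:
    """One context for both modes: verify the chain and the hostname,
    and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def parse_ehlo(reply: str) -> set[str]:
    """Return the capability keywords from a multi-line EHLO reply.
    Continuation lines look like '250-STARTTLS' and the last line like
    '250 8BITMIME'; the first line is the greeting and carries no capability."""
    caps = set()
    for line in reply.strip().splitlines()[1:]:
        m = re.match(r"250[- ](\S+)", line)
        if m:
            caps.add(m.group(1).upper())
    return caps


def starttls_allowed(reply: str, require_tls: bool = True) -> bool:
    """Decide whether the session may proceed to the upgrade.
    With require_tls=True a missing STARTTLS capability is an error, not a
    silent fallback to plaintext; with require_tls=False the caller gets
    False and must decide what to do (the weak, opportunistic behaviour)."""
    if "STARTTLS" in parse_ehlo(reply):
        return True
    if require_tls:
        raise RuntimeError("server did not advertise STARTTLS; refusing plaintext fallback")
    return False


def fails_closed(reply: str) -> bool:
    """True if a require_tls client aborts on this EHLO reply."""
    try:
        starttls_allowed(reply, require_tls=True)
    except RuntimeError:
        return True
    return False


# Constructed EHLO replies (hypothetical server mail.example.test).
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply with the STARTTLS line absent, as a client would see it if
# the server lacked the extension or the capability never reached the client.
EHLO_WITHOUT_STARTTLS = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def connect_explicit(host: str, port: int = 587) -> smtplib.SMTP:
    """Explicit TLS: plain SMTP first, then STARTTLS. Needs a live server,
    so it is not exercised offline."""
    ctx = make_tls_context()
    s = smtplib.SMTP(host, port, timeout=15)
    s.ehlo()
    if not s.has_extn("starttls"):
        s.quit()
        raise RuntimeError("server did not advertise STARTTLS; refusing plaintext fallback")
    s.starttls(context=ctx)
    s.ehlo()  # capabilities must be re-read after the upgrade
    return s


def connect_implicit(host: str, port: int = 465) -> smtplib.SMTP_SSL:
    """Implicit TLS: the handshake happens before any SMTP command."""
    ctx = make_tls_context()
    return smtplib.SMTP_SSL(host, port, context=ctx, timeout=15)


if __name__ == "__main__":
    print(sorted(parse_ehlo(EHLO_WITH_STARTTLS)))
    print("upgrade allowed:", starttls_allowed(EHLO_WITH_STARTTLS))
    print("fails closed without STARTTLS:", fails_closed(EHLO_WITHOUT_STARTTLS))
```

Both paths end up with the same verified TLS session; the difference is only whether the client has to trust a plaintext EHLO reply to get there. That is why a client should treat "require STARTTLS" as a hard setting and re-issue EHLO after the upgrade, reading its capabilities only from the encrypted reply.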