On 21/08/17 16:25, Robert Wolf wrote:
On Mon, 21 Aug 2017, Sebastian Arcus wrote:

On 21/08/17 13:39, Robert Wolf wrote:

On Mon, 21 Aug 2017, Sebastian Arcus wrote:


On 21/08/17 10:37, Gedalya wrote:
On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
is there a 'preferred way'?  should I tell users to use 143 over 993 ? or
993 over 143? or?
There is no concrete answer. There are various opinions and feelings about
this.
The opinion against 993/995 is that these are not standard ports,

Out of curiosity, is there a source for this? It's the first time I hear that
993/995 are not standard ports - and searching on the Internet, I can't find
any evidence to back it up? Also, pretty much all email software has been
using them for the past 20 years or so. It seems like a curiously high rate of
adoption for a non-standard :-)


Hello,

IMHO the "not standard ports" is meant as "old, useless ports now".

So in short, ports 993/995 are IANA officially approved, and thus "standard".
Further to this, they are in use by the vast majority of email providers, and
as far as I can tell, there are no functional or security disadvantages to
using SSL over 993/995 - instead of STARTTLS over 110/143.


Hello Sebastian,

there are no functional disadvantages

*** As I have written, only if some protocol can be used in just plain-text
mode, then the SSL ports generate additional encryption load. CPU is probably
no problem today, but I have seen some slower SSL connections on higher-latency
networks. I am not an SSL pro, but it looks like there is some ACK in SSL after
some "SSL packet" which makes the connection slower on a high-latency network,
because SSL must wait for the packet ACK. In a plain-text connection, TCP
requires an ACK too, but TCP can open a big window and send a lot of data at
once and wait only for the last ACK.


there are no security disadvantages

*** Exactly, there is really no security disadvantage to using SSL ports, the
encryption is the same; or rather, there is a security advantage to using SSL
ports: to be sure that every communication is encrypted from the start and the
client cannot send anything in plaintext.

Hi Rob - thank you for the clarification. It is interesting information.

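Added example, not part of the original thread: a sketch of the client-side policy behind the "client cannot send anything plaintext" point, comparing implicit TLS on 993 with STARTTLS on 143. The function names, step labels and sample greetings are assumptions constructed for illustration.

```python
import re

# Capabilities arrive either as an untagged "* CAPABILITY ..." response or as
# a "[CAPABILITY ...]" response code inside the server greeting (RFC 3501).
_CAP_RE = re.compile(
    r"^\* (?:CAPABILITY (?P<line>.*)|(?:OK|PREAUTH) \[CAPABILITY (?P<code>[^\]]*)\])",
    re.IGNORECASE,
)

# Constructed sample server lines as seen on port 143 before any TLS.
GREETING_WITH_STARTTLS = ["* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"]
GREETING_WITHOUT_STARTTLS = ["* OK ready", "* CAPABILITY IMAP4rev1 AUTH=PLAIN"]
GREETING_PREAUTH = ["* PREAUTH [CAPABILITY IMAP4rev1 STARTTLS] logged in"]


def parse_capabilities(server_lines):
    """Return the set of upper-cased capability tokens the server announced."""
    caps = set()
    for line in server_lines:
        m = _CAP_RE.match(line.strip())
        if m:
            tokens = m.group("line") or m.group("code") or ""
            caps.update(tok.upper() for tok in tokens.split())
    return caps


def plan_session(port, server_lines=()):
    """Ordered steps for a client that never sends credentials unencrypted."""
    if port == 993:
        # Implicit TLS: the handshake precedes every IMAP byte, greeting included.
        return ["TLS_HANDSHAKE", "LOGIN"]
    if port == 143:
        if any(l.strip().upper().startswith("* PREAUTH") for l in server_lines):
            # STARTTLS is only valid in the not-authenticated state, so a
            # PREAUTH greeting leaves no way to encrypt this session.
            return ["ABORT"]
        if "STARTTLS" not in parse_capabilities(server_lines):
            # Fail closed: no fallback to a plaintext LOGIN.
            return ["ABORT"]
        # Capabilities learned before TLS are discarded and requested again.
        return ["STARTTLS", "TLS_HANDSHAKE", "CAPABILITY", "LOGIN"]
    raise ValueError("only ports 143 and 993 are modelled here")
```

On 143 the decision depends on lines received in plaintext, which is why the client has to stop rather than fall back; on 993 there is no such decision to make.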