https://bugs.kde.org/show_bug.cgi?id=404211

Jan Kundrát <j...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|UPSTREAM                    |NOT A BUG

--- Comment #12 from Jan Kundrát <j...@kde.org> ---
(In reply to Filipe Azevedo from comment #9)
> The Trojita GUI does not specify SSL at all, it has:
> 
> - Use encryption (STARTTLS)
> - Force encryption (TLS)

I can see that these names can be confusing, but I do not know how to better
explain what's going on. The choice is, essentially, whether to use encryption
from the very beginning, or whether to establish a plaintext connection first and
then upgrade it to encryption via the STARTTLS command. These two options use
different server port numbers, and it is important to get both port number
*and* encryption type correct. Trojita warns the user right in the settings
dialog when the port number is unusual.

The standard says that the default submission settings are STARTTLS and port
587. If you ask Trojita to use "TLS" on port 587, then Trojita attempts to
initiate a TLS connection against a cleartext endpoint, which won't work.

In the past, a lot of software called the "hey, let's encrypt from the
beginning" option "SSL", and the other option, "start in cleartext and introduce
encryption as soon as possible", was called "STARTTLS". Then the encryption
standard known as "SSL v2" got disabled due to its unfixable security
vulnerabilities, SSL v3 got deprecated in 2015, and everybody has been using
something which is technically TLS for the past four years.
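
The mismatch described in comment #12, as an added example that is not part of the original comment or of Trojita's code: a loopback listener stands in for a STARTTLS-style submission endpoint, and a client probes it once with TLS from the first byte and once in cleartext. The host name, banner and function names are constructed for illustration, and the actual STARTTLS upgrade is left out because it would need a server certificate.

```python
import socket, ssl, threading

HOST = "mail.example.test"  # constructed name, never resolved
BANNER = b"220 " + HOST.encode() + b" ESMTP ready\r\n"  # constructed greeting

def start_cleartext_endpoint():
    """Loopback stand-in for a STARTTLS listener: it speaks first, in plaintext."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            with conn:
                try:
                    conn.sendall(BANNER)
                    if conn.recv(4096).upper().startswith(b"EHLO"):
                        conn.sendall(b"250-" + HOST.encode() + b"\r\n250 STARTTLS\r\n")
                except OSError:
                    pass  # client went away mid-exchange
    threading.Thread(target=serve, daemon=True).start()
    return srv

def probe(port, mode):
    """mode "tls": handshake from the first byte. mode "starttls": cleartext first."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        if mode == "tls":
            try:
                with ssl.create_default_context().wrap_socket(sock, server_hostname=HOST):
                    return "tls-established"
            except (ssl.SSLError, ConnectionError):
                # The banner bytes are not a TLS record, so the handshake aborts.
                return "tls-handshake-failed"
        reader = sock.makefile("rb")
        if not reader.readline().startswith(b"220"):
            return "no-greeting"
        sock.sendall(b"EHLO client.example.test\r\n")
        caps = []
        for line in reader:
            caps.append(line[4:].strip().upper())
            if line[3:4] != b"-":  # a space after the code marks the last reply line
                break
        return "starttls-offered" if b"STARTTLS" in caps else "starttls-missing"

def demo():
    with start_cleartext_endpoint() as srv:
        port = srv.getsockname()[1]
        return {mode: probe(port, mode) for mode in ("tls", "starttls")}
```

Calling `demo()` returns one outcome per mode; a client that reports a TLS handshake failure while the cleartext probe sees `STARTTLS` offered has the port and encryption type mismatched.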
