Ben Bucksch wrote, On 2008-09-17 13:55:
Thunderbird currently has the SSL options: Never (plain), TLS, if
available, TLS (always), and SSL (always), for incoming IMAP/POP3
and outgoing SMTP servers (with slightly different UI wording). TLS is
basically SSL version 3.
Damn! Those old wrong
On 17-Sep-08, at 4:55 PM, Ben Bucksch wrote:
I don't think the TLS, if available is important anymore, and is
dangerous. Therefore, I propose to remove it from the UI in the
Account
Manager as well. It could stay as backend pref for edge cases and
existing users - the Account Manager UI
Johnathan Nightingale wrote:
[...]
- We should turn it ON by default on non-secure connections, because
even though we know full well that the connection is subject to
subversion, we have a nearly-free way to marginally reduce the attack
surface in the background.
- And yes, there should be