Re: [Exim] TLS on a port other than 25

Góra strony
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
Dla: James P. Roberts
CC: exim-users, Mark Edwards
Temat: Re: [Exim] TLS on a port other than 25
On Mon, 17 Feb 2003, James P. Roberts wrote:

> STARTTLS begins with a normal, clear-text session, during which the
> server usually advertises support for STARTTLS. After a clear-text
> "STARTTLS" command from the client, server and client negotiate
> encryption (everything from here on out looks scrambled), which persists
> for the remainder of the connection.


Indeed. That is how TLS is supposed to be used on SMTP connections (see
RFC 2487).

> SMTPS was rather more difficult to understand, as the very first command
> from the client is not clear-text. It looks garbled to anything except
> a server listening specifically for encrypted SMTPS traffic.


SMTPS was a hack that was invented before RFC 2487 came out. I regard
its use as obsolete, and any software that uses it as "legacy".

> Philip, I know you said it would probably never happen, but I would like
> to add this to the Exim Wish List anyway. The ability to handle both
> STARTTLS and SMTPS, from a single Exim, on different ports.


I do not like this idea, because it encourages the continued use of
non-standards. I think there's already enough in Exim - you can use "a
single Exim" on different ports - but you have to run two daemon
processes. However, you do not need two different configs.

> It is certainly the case that work-arounds exist
> (two-daemon solutions). But this is not quite satisfying.


Why are two daemons so unsatisfying?

> I don't think we ever need both STARTTLS and SMTPS on the same port?


That is unimplementable. How does the server know?

Philip

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.