[exim] Why is STARTTLS preferred over tls_on_connect_ports?

Pàgina inicial
Aquest missatge és part del següent fil:
M-+\l'arbre de fils complet ordenat per data
M\MM 
MMLars Mainka en ->
Delete this message
Reply to this message
Autor: Marc Sherman
Data:  
A: Exim Users
Assumpte: [exim] Why is STARTTLS preferred over tls_on_connect_ports?
After writing the answer to Guy De Leeuw's question about TLS, I got to
thinking; why is STARTTLS after connection on ports 25/587 preferred to
tls_on_connect_ports on port 465? I know that the latter was only
implemented recently, and previously it required a seperate daemon
running with a command line switch, but the emails discussing that
implied that implementing tls_on_connect_ports wasn't just a pain, it
was distasteful and wrong as well. What's the reasoning behind that?

It seems to me that with tls_on_connect_ports, you get a slightly* more
secure session, because the HELO/EHLO doesn't travel in the clear,
reducing the info available for traffic analysis by an attacker.

* Ok, minutely.

- Marc


Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] Exim server behind NAT router (and HELO)Re: [exim] Exim server behind NAT router (and HELO)->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)