69

I stumbled upon something interesting today when I was adding an account to my Gmail one. Why is SSL boldly stated as recommended when TLS supersedes SSL?

The links for SSL and TLS are the same: https://support.google.com/mail/answer/22370?hl=en

Gmail "add address" page

psmears
user153882

  • Could this be due to the [weaknesses of STARTTLS](https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations)? – Arminius Jun 14 '17 at 04:28

2 Answers

85

From that link:

Select a secured connection

Check with your other mail service for their recommended port number and authentication type.

Here are some common combinations:

  • SSL with port 465
  • TLS with port 25 or 587

The difference, then, is that "SSL" means SMTP over SSL-or-TLS on port 465, and "TLS" means SMTP with STARTTLS on port 25 or 587. So what's the difference between them?

STARTTLS is opportunistic encryption. The connection starts as plaintext SMTP, and the client tries to initiate encryption if the server says that it can. The problem with this is that the plaintext negotiation can be relayed and modified by a Man-in-the-Middle attacker, exactly the way that sslstrip works for HTTP redirects and links to HTTPS.

SMTP-over-SSL, on the other hand, starts with an SSL (or TLS--the exact protocol is negotiated) connection, then SMTP is conducted over that tunnel. With this configuration, the client always expects to use SSL, and can't be tricked into going plaintext.

So the SSL-or-TLS naming is not the real issue. Google is using "SSL" to mean the older "smtps" standard, which is actually more secure in this case. In reality, the service is probably using TLS, and Google's mail servers will negotiate the most secure connection possible, depending on the other service.

EDIT: As @Mehrdad points out in the comments, Google will change which option is "recommended" based on the port number that is selected in the dropdown. This shows that their recommendation is not based on higher assurance of encryption, but on what is most likely to work: port 465 is registered with IANA as 'smtps', and is expected to be SMTP-over-SSL. Ports 25 and 587 are 'smtp' and 'submission' respectively, and are expected to be plaintext. Since I doubt that Google will refuse to send mail over these ports if STARTTLS cannot be negotiated, "TLS" remains the weaker, opportunistic option. It is, however, more likely to be supported than port 465.

EDIT 2: @grawity did the legwork and determined that Google does not, in fact, fall back to plaintext SMTP if STARTTLS is not supported. You have to explicitly select the "Unsecured" option when configuring the server. This is really good work by Google to ensure transport security for emails. Of course, all that has been said already about STARTTLS remains true: it requires this extra step of making TLS a strong requirement to avoid downgrade attacks.

bonsaiviking

  • Uhm, [You can see "TLS" be "recommended" just like "SSL"](https://i.stack.imgur.com/sWmzf.png), depending on what port you're connecting to. Are you sure your answer explains the issue accurately? – user541686 Jun 14 '17 at 09:24
  • @bonsaiviking: Thunderbird is one that comes to mind. As for Gmail, the wording in [support site](https://support.google.com/mail/answer/22370) (under "My mail server does not support...") implies that they require TLS, unless you choose "Unsecured" which only appears for port 25. I verified this experimentally – Gmail will drop the connection if my server's EHLO does not offer STARTTLS. – user1686 Jun 14 '17 at 13:50
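The downgrade described in the answer above, as an added worked example (this is not code from the original post, from Google, or from any mail client): a STARTTLS-capable server's EHLO reply is constructed inline, an on-path attacker forwards it with the STARTTLS advertisement removed, and the client's decision rule determines whether the attack succeeds. The difference between port 465 (TLS before any SMTP byte, so the EHLO list is never exposed) and ports 25/587 (the client learns about TLS only from a plaintext list) is the whole story. Host names and the EHLO reply are placeholders; `send_with_required_starttls` shows the same rule against a live server with the standard library and needs network access, so it is defined but not called here.

```python
"""STARTTLS downgrade vs. implicit TLS, as a worked example.

Constructed exchange (not Gmail's code): the client parses the plaintext
EHLO reply, an on-path attacker strips the STARTTLS advertisement, and the
client's decision rule decides whether it falls back to cleartext.
"""
import smtplib
import ssl
from typing import List, Optional

# Constructed EHLO reply from a STARTTLS-capable submission server (port 587).
SERVER_EHLO_REPLY = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)


def parse_ehlo_extensions(reply: str) -> List[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    RFC 5321: every line but the last is '250-', the last is '250 '; the first
    line carries the server's domain and greeting rather than an extension."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    exts = []
    for i, ln in enumerate(lines):
        if ln[:3] != "250" or ln[3:4] not in ("-", " "):
            raise ValueError("unexpected EHLO reply line: %r" % ln)
        if i > 0:
            exts.append(ln[4:].split(" ", 1)[0].upper())
    return exts


def mitm_strip_starttls(reply: str) -> str:
    """What an active attacker on the path does with the *plaintext* EHLO reply:
    forward it minus the STARTTLS line. Nothing in SMTP authenticates this
    list, so the client cannot tell a stripped reply from an honest one."""
    kept = [ln for ln in reply.split("\r\n")
            if ln and ln[4:].split(" ", 1)[0].upper() != "STARTTLS"]
    # Repair the continuation markers so the forwarded reply stays well-formed.
    out = []
    for i, ln in enumerate(kept):
        sep = "-" if i < len(kept) - 1 else " "
        out.append(ln[:3] + sep + ln[4:] + "\r\n")
    return "".join(out)


def choose_transport(port: int, ehlo_reply: Optional[str], require_tls: bool) -> str:
    """Client decision rule.

    465 (smtps): TLS is negotiated before the first SMTP byte, so EHLO happens
    inside the tunnel and there is no plaintext list to tamper with.
    25/587: the client only learns about TLS from the plaintext EHLO reply.
    With require_tls=False it falls back to cleartext when STARTTLS is missing
    (the opportunistic weakness); with require_tls=True it refuses, which is
    the behaviour the comments above report for Gmail."""
    if port == 465:
        return "implicit-tls"
    if ehlo_reply is None:
        raise ValueError("EHLO reply required on port %d" % port)
    if "STARTTLS" in parse_ehlo_extensions(ehlo_reply):
        return "starttls"
    if require_tls:
        raise ConnectionError("server did not offer STARTTLS; refusing to send in the clear")
    return "plaintext"


def send_with_required_starttls(host: str, port: int = 587) -> None:
    """The same rule against a live server with smtplib (needs network; not run
    here). Chain and hostname verification from create_default_context() are
    what stop an attacker who answers the STARTTLS handshake with his own cert."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise ConnectionError("STARTTLS not offered; aborting instead of downgrading")
        smtp.starttls(context=ctx)
        smtp.ehlo()  # re-issue EHLO inside TLS; the pre-TLS list is untrusted


if __name__ == "__main__":
    honest = SERVER_EHLO_REPLY
    stripped = mitm_strip_starttls(honest)
    print("honest reply, opportunistic client  :", choose_transport(587, honest, False))
    print("stripped reply, opportunistic client:", choose_transport(587, stripped, False))
    try:
        choose_transport(587, stripped, True)
    except ConnectionError as e:
        print("stripped reply, strict client       : refused ->", e)
    print("port 465 client                     :", choose_transport(465, None, False))
```

Running the script shows the opportunistic client silently ending up on "plaintext" after the stripped reply, the strict client refusing, and the port-465 client never consulting the EHLO list at all. The `require_tls=True` branch is exactly the "extra step of making TLS a strong requirement" the answer calls for; a client that only pins TLS when the server happens to advertise it has not closed the downgrade.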
1

In 2018, the official recommendation changed again to using implicit TLS over port 465.