Questions tagged [starttls]

22 questions
32 votes · 2 answers

Why is STARTTLS used when it can be downgraded very easily?

People are making a big fuss about how you absolutely have to disable SSLv3 because TLS can be downgraded to SSLv3 and there is barely a server left on the internet that speaks SSLv3. At the same time, almost every mail server out there will happily…
AndreKR (498)
21 votes · 5 answers

How can I verify that SSLv3 protocol is disabled?

I'm trying to disable SSLv3 in ejabberd 2.1.10 on Ubuntu 12.04. There is no way to disable it in config file, so I have to patch the source and rebuild the package: https://github.com/processone/ejabberd/issues/113 The problem is after patching and…
quanta (433)
16 votes · 2 answers

Perfectly secure Postfix MTA (SMTP) configuration

I want to secure my root server (further) service by service, starting with the SMTP service (Postfix MTA) as the most busy one. In the course of setting everything up, I read a lot about security and encryption and tried my best to gather the most…
08frak (303)
10 votes · 3 answers

Why enable SMTP STARTTLS if OpenSSL is dangerous?

There are a bunch of people in the anti-surveillance movement who are virtually demanding that I enable SMTP STARTTLS support in my environment, in order to enable opportunistic MTA-to-MTA encryption. The same anti-surveillance people are meanwhile…
ruief (883)
8 votes · 2 answers

Why are common services using implicit SSL not considered obsolete in the way that SMTPS is?

SMTPS (implicit SSL) has been deprecated/obsolete since SMTP+STARTTLS (explicit SSL) was defined in RFC2487. I'm not entirely clear on the reasoning behind that, but it was clearly considered a good idea at the time. A parallel can be seen with IMAP…
Synchro (647)
5 votes · 2 answers

Does sending email with TLS help to avoid being flagged as spam?

Does sending email with TLS help to avoid being blocked or being flagged as spam by the recipient?
user4271704 (153)
4 votes · 2 answers

What happens if STARTTLS is dropped in SMTP?

SMTP uses the STARTTLS extension to upgrade SMTP to SMTP Secure (SMTPS). According to the RFC, the client and server start TLS as follows: S: C: S: 220 mail.imc.org SMTP service ready …
user6875880 (167)
3 votes · 3 answers

Must mail relays always indicate the use of encryption in the “Received:” header field?

When an email message is sent with transport encryption, you can tell it from the “Received:” field the receiving mail relay adds to the message header. > Received: from [...].google.com ([...]) by > [...].mail.protection.outlook.com ([...]) with…
ȷ̇c (174)
2 votes · 1 answer

Is traffic subsequent to a SASL/GSSAPI bind encrypted?

When making a SASL/GSSAPI bind to an LDAP server over port 389 (ldap:///), after the authentication is finished, is the resulting LDAP traffic encrypted? If so, is there a document or RFC that describes this? Assume that no STARTTLS command is issued…
rlandster (363)
2 votes · 3 answers

What is the purpose of opportunistic TLS (like STARTTLS)?

Opportunistic TLS refers to extensions in plain text communication protocols, which offer a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection instead of using a separate port for encrypted communication... Source:…
Bob Ortiz (6,234)
2 votes · 1 answer

Can STARTTLS protect emails between two organisations?

There are a few threads on STARTTLS but none seem to provide a clear overview of what STARTTLS can and can not do with respect to encrypting email in transit. So my question is, can STARTTLS be configured to secure email sent between two…
R15 (2,923)
2 votes · 1 answer

Initial handshakes of attacks via client-initiated renegotiation

As far as I understand after reading this beautifully explained answer, MiTM data injection attacks via client-initiated renegotiation can only happen if the attacker is already in a connection with the server which did not check his credential. He…
nullgraph (197)
1 vote · 1 answer

Is my Postfix and Dovecot configuration secure?

Today I set up my first server with Dovecot and Postfix. These are excerpts from the configuration files: Dovecot: disable_plaintext_auth = yes ssl = required ssl_prefer_server_ciphers = yes ssl_cipher_list =…
Ben Richard (3,006)
1 vote · 3 answers

How to check if a mail server is Enforced-STARTTLS rather than Opportunistic-STARTTLS?

This article tells us that there are two types of STARTTLS: Opportunistic STARTTLS (i.e. optional STARTTLS) and Enforced STARTTLS, which works by the doctrine of "encrypted connection or drop connection". We can use checktls.com/TestReceiver to…
user75058 (11)
1 vote · 0 answers

Can EAP-TTLS provide the dual authentication I require?

What I want to do: lock down the Tech VLAN so that only an approved device AND a user in the tech security group are allocated. I am hoping to achieve this via EAP-TTLS and Windows NPS, whereby the machine provides the tunnel and then the user…
Matt (111)