I am configuring POP and IMAP accounts in the Thunderbird mail client.

Here are 2 options:

Security:

  • None
  • SSL/TLS
  • STARTTLS

Authentication method:

  • Normal password
  • Encrypted password
  • Kerberos / GSSAPI
  • NTLM
  • OAuth2

I have 2 mail accounts: one is a POP account and the other is an IMAP account.

I want to be sure nobody can listen to my password or any mail content by sniffing the network.

I have tried the "SSL/TLS" and "STARTTLS" options. They both work. But my mail server only supports the "normal password" option.

Can you confirm that SSL/TLS and STARTTLS fully encrypt the connection and nobody can sniff anything (passwords and content)?

Thanks a lot

Bob5421

1 Answer

SSL/TLS and STARTTLS are basically the same. Both encrypt the data stream, so no one on the network can peek into it. In this case, the "normal password" option is of little concern, since the password cannot be sniffed.

The difference between STARTTLS and SSL is that SSL is encrypted "from the beginning", i.e. the client connects to the server, and the first thing they do is exchange keys, and start encryption. In case of STARTTLS, the connection is in plain text at the beginning, and encryption starts when the client issues the STARTTLS command. After that, the process is the same, key exchange, etc.

Practically, there is little difference, as the client issues the STARTTLS command immediately after connecting, so in this case, the only thing an attacker can sniff is the EHLO command, the answer to it (which they can query from the server anyway), and the STARTTLS command itself. After that, noise.

Lacek
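Added example, not part of the original question or answer: a small Python model of what a passive sniffer can read under each "Security" setting when the "Normal password" method is used. The IMAP and POP3 transcripts, the account name `bob` and the password `hunter2` are constructed for illustration; the function name `observer_view` is hypothetical. It also covers the case where the server rejects the upgrade command and the client sends the password anyway.

```python
import re

# Constructed transcripts (C: client, S: server); not captured traffic.
IMAP_STARTTLS = [
    "S: * OK [CAPABILITY IMAP4rev1 STARTTLS] ready",
    "C: a1 STARTTLS",
    "S: a1 OK begin TLS negotiation",
    "C: a2 LOGIN bob hunter2",
    "S: a2 OK logged in",
]
POP3_PLAIN = [
    "S: +OK POP3 ready",
    "C: USER bob",
    "S: +OK",
    "C: PASS hunter2",
    "S: +OK logged in",
]

# Upgrade command: tagged STARTTLS in IMAP, STLS in POP3.
UPGRADE = re.compile(r"^(?:\S+ STARTTLS|STLS)$", re.I)
# "Normal password" commands: IMAP LOGIN, POP3 USER/PASS.
CREDENTIAL = re.compile(r"^(?:\S+ LOGIN |USER |PASS )", re.I)
ACCEPTED = re.compile(r"^(?:\S+ OK|\+OK)", re.I)


def observer_view(lines, implicit_tls=False):
    """Return (cleartext_lines, leaked_credentials) as seen by a sniffer.

    implicit_tls=True models the "SSL/TLS" setting: TLS starts before any
    protocol line is sent, so nothing is readable on the wire.
    """
    encrypted = implicit_tls
    pending = False          # upgrade requested, waiting for server reply
    visible, leaked = [], []
    for line in lines:
        side, text = line.split(": ", 1)
        if encrypted:
            continue         # inside TLS: opaque to the observer
        visible.append(line)
        if side == "C" and CREDENTIAL.match(text):
            leaked.append(text)
        elif side == "C" and UPGRADE.match(text):
            pending = True
        elif side == "S" and pending and not text.startswith("* "):
            # Encryption begins only if the server accepted the upgrade.
            encrypted = bool(ACCEPTED.match(text))
            pending = False
    return visible, leaked
```

With the constructed STARTTLS transcript only the greeting, the upgrade command and its reply are readable; with "None" every line, including the password, is.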