
I'm trying to understand how the command STARTTLS in IMAP works exactly and what becomes different when it's sent. After I've sent the command "STARTTLS" before the login process and received the response "OK Begin TLS negotiation now" as a client, does anything change for me as a client in the subsequent API commands, that is, the format of the requests and responses, some additional information that I have to process, etc.? I mean the API level, not the low level.

Johshi

1 Answer


Check RFCs for this kind of thing. They can answer a lot of your questions.

https://tools.ietf.org/rfc/index

This is the one you want:

RFC3501 INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1

https://www.rfc-editor.org/rfc/rfc3501

Abstract

   The Internet Message Access Protocol, Version 4rev1 (IMAP4rev1)
   allows a client to access and manipulate electronic mail messages on
   a server.  IMAP4rev1 permits manipulation of mailboxes (remote
   message folders) in a way that is functionally equivalent to local
   folders.  IMAP4rev1 also provides the capability for an offline
   client to resynchronize with the server.

   IMAP4rev1 includes operations for creating, deleting, and renaming
   mailboxes, checking for new messages, permanently removing messages,
   setting and clearing flags, RFC 2822 and RFC 2045 parsing, searching,
   and selective fetching of message attributes, texts, and portions
   thereof.  Messages in IMAP4rev1 are accessed by the use of numbers.
   These numbers are either message sequence numbers or unique
   identifiers.

   IMAP4rev1 supports a single server.  A mechanism for accessing
   configuration information to support multiple IMAP4rev1 servers is
   discussed in RFC 2244.

   IMAP4rev1 does not specify a means of posting mail; this function is
   handled by a mail transfer protocol such as RFC 2821.

What happens after STARTTLS

6.2.1.  STARTTLS Command

   Arguments:  none

   Responses:  no specific response for this command

   Result:     OK - starttls completed, begin TLS negotiation
               BAD - command unknown or arguments invalid

      A [TLS] negotiation begins immediately after the CRLF at the end
      of the tagged OK response from the server.  Once a client issues a
      STARTTLS command, it MUST NOT issue further commands until a
      server response is seen and the [TLS] negotiation is complete.

      The server remains in the non-authenticated state, even if client
      credentials are supplied during the [TLS] negotiation.  This does
      not preclude an authentication mechanism such as EXTERNAL (defined
      in [SASL]) from using client identity determined by the [TLS]
      negotiation.

      Once [TLS] has been started, the client MUST discard cached
      information about server capabilities and SHOULD re-issue the
      CAPABILITY command.  This is necessary to protect against man-in-
      the-middle attacks which alter the capabilities list prior to
      STARTTLS.  The server MAY advertise different capabilities after
      STARTTLS.

   Example:    C: a001 CAPABILITY
               S: * CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED
               S: a001 OK CAPABILITY completed
               C: a002 STARTTLS
               S: a002 OK Begin TLS negotiation now
               <TLS negotiation, further commands are under [TLS] layer>
               C: a003 CAPABILITY
               S: * CAPABILITY IMAP4rev1 AUTH=PLAIN
               S: a003 OK CAPABILITY completed
               C: a004 LOGIN joe password
               S: a004 OK LOGIN completed
Ryan Babchishin
  • what's the point of you posting this? – Johshi Aug 13 '16 at 15:54
  • @Johshi What's wrong? – Ryan Babchishin Aug 13 '16 at 15:56
  • how does that answer my question? I've already seen the rfc. – Johshi Aug 13 '16 at 15:57
  • @Johshi The RFC completely documents the IMAP protocol. It tells you everything you could want to know. Users are generally expected to do a little research on their own when they ask questions; it's even a reason for a down vote. If you read about the protocol or already have and you're still stuck, someone will help you, I'm sure. But I just pointed you to the manual for IMAP (the **link**, not the text in the grey area, if you were confused). – Ryan Babchishin Aug 13 '16 at 16:00
  • If you've already seen the RFC, what was wrong? It would have stated clearly how to interact with an IMAP server after "OK Begin TLS negotiation now", right? – Ryan Babchishin Aug 13 '16 at 16:03
  • To echo Ryan's comments: if you have read the relevant sections of the RFC and still do not feel there is enough information to answer your question, perhaps try getting in touch with the [IMAP mailing list](http://www.imapwiki.org/ImapProtocolList). – Mark Riddell Aug 13 '16 at 16:33
  • @Johshi As far as I can tell, this exactly answers the question posted at the top of the page. If this isn't what you wanted to know, please edit the question to clarify what you are looking for. – Michael Hampton Aug 13 '16 at 18:09
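The RFC 3501 section 6.2.1 exchange quoted in the answer, carried out by a small client, as an added example that is not part of the original answer or of any IMAP library. It shows what changes at the command level after "OK Begin TLS negotiation now": the request and response format stays identical, but the client has to wait for the handshake, throw away the capability list it cached before STARTTLS, re-issue CAPABILITY, and expect a different list (LOGINDISABLED gone, AUTH=PLAIN present). The `ScriptedServer` is a constructed stand-in that replays the RFC's dialogue offline; with `advertise_starttls=False` it behaves like a proxy that stripped STARTTLS from the cleartext capability list, and the client refuses to go on rather than logging in unencrypted. Class and function names here (`ImapClient`, `ScriptedServer`, `tls_upgrade`, `run_exchange`) are this example's own.

```python
# Added example (not from the original answer); ScriptedServer is a constructed fake.
import itertools
import ssl

class ImapTlsError(Exception):
    """Client refuses to continue (STARTTLS missing or refused, cleartext credentials)."""

class ScriptedServer:
    # Socket-like fake; advertise_starttls=False plays a downgrade proxy that strips STARTTLS.
    def __init__(self, advertise_starttls=True):
        self.tls, self.advertise_starttls, self.log = False, advertise_starttls, []
        self._out = b"* OK IMAP4rev1 service ready\r\n"

    def sendall(self, data):
        tag, _, rest = data.decode().rstrip("\r\n").partition(" ")
        cmd = rest.split(" ", 1)[0]
        self.log.append((cmd, self.tls))                 # (command, sent under TLS?)
        if cmd == "CAPABILITY":
            caps = ("IMAP4rev1 AUTH=PLAIN" if self.tls else
                    "IMAP4rev1 " + ("STARTTLS " if self.advertise_starttls else "") + "LOGINDISABLED")
            lines = [f"* CAPABILITY {caps}", f"{tag} OK CAPABILITY completed"]
        elif cmd == "STARTTLS" and not self.tls:
            lines = [f"{tag} OK Begin TLS negotiation now"]
        elif cmd == "LOGIN":
            lines = [f"{tag} OK LOGIN completed" if self.tls else f"{tag} NO LOGIN disabled"]
        else:
            lines = [f"{tag} BAD command unknown or arguments invalid"]
        self._out += "".join(line + "\r\n" for line in lines).encode()

    def recv(self, n):
        chunk, self._out = self._out[:n], self._out[n:]
        return chunk

    def upgrade(self):
        self.tls = True                                  # stands in for the TLS handshake
        return self

class ImapClient:
    # upgrade(sock) must block until the TLS handshake is done and return the TLS socket.
    def __init__(self, sock, upgrade):
        self._sock, self._upgrade, self._tags = sock, upgrade, itertools.count(1)
        self.tls_active, self.capabilities = False, None   # capability cache
        self.greeting = self._readline()                   # untagged "* OK ..." greeting

    def _readline(self):
        buf = b""
        while not buf.endswith(b"\r\n"):
            chunk = self._sock.recv(1)
            if not chunk:
                raise ImapTlsError("connection closed")
            buf += chunk
        return buf[:-2].decode()

    def command(self, name, *args):
        tag = "a%03d" % next(self._tags)
        self._sock.sendall(" ".join((tag, name) + args).encode() + b"\r\n")
        untagged = []                                    # "* ..." data lines
        while not (line := self._readline()).startswith(tag + " "):
            if line.startswith("* "):
                untagged.append(line[2:])
        status, _, text = line[len(tag) + 1:].partition(" ")   # tagged OK / NO / BAD
        return status, text, untagged

    def capability(self):
        status, text, untagged = self.command("CAPABILITY")
        if status != "OK":
            raise ImapTlsError(f"CAPABILITY failed: {status} {text}")
        self.capabilities = {c for ln in untagged if ln.startswith("CAPABILITY ") for c in ln.split()[1:]}
        return self.capabilities

    def starttls(self):
        caps = self.capabilities if self.capabilities is not None else self.capability()
        if self.tls_active or "STARTTLS" not in caps:
            raise ImapTlsError("STARTTLS already active or not advertised; not logging in over cleartext")
        status, text, _ = self.command("STARTTLS")
        if status != "OK":
            raise ImapTlsError(f"STARTTLS refused: {status} {text}")
        # RFC 3501 6.2.1: no command until the handshake completes; then drop the cached
        # capabilities and re-issue CAPABILITY so an edited cleartext list has no effect.
        self._sock, self.tls_active, self.capabilities = self._upgrade(self._sock), True, None
        return self.capability()

    def login(self, user, password):                     # atoms, as in the RFC example
        if not self.tls_active or "LOGINDISABLED" in (self.capabilities or set()):
            raise ImapTlsError("refusing LOGIN: no TLS layer or LOGINDISABLED advertised")
        return self.command("LOGIN", user, password)[0] == "OK"

def tls_upgrade(host):                                   # for a real socket: verified TLS wrap
    return lambda sock: ssl.create_default_context().wrap_socket(sock, server_hostname=host)

def run_exchange(advertise_starttls=True):
    # Replay the RFC dialogue against the scripted server; report what the caller sees.
    srv = ScriptedServer(advertise_starttls)
    client = ImapClient(srv, lambda _sock: srv.upgrade())
    try:
        before, after = client.capability(), client.starttls()
        return {"before": before, "after": after, "login": client.login("joe", "password"), "log": srv.log}
    except ImapTlsError as err:
        return {"error": str(err), "log": srv.log}
```

Against a real server the same client is built as `ImapClient(socket.create_connection((host, 143)), tls_upgrade(host))` followed by `.starttls()`; the `ssl` default context verifies the certificate chain and the hostname, and the handshake runs inside `wrap_socket` right after the tagged OK, exactly where the RFC places it. Two design choices are deliberate: `login()` will not send credentials unless the TLS layer is up, and a capability list without STARTTLS is treated as a hard error instead of a reason to fall back, because a stripping proxy on the cleartext leg looks exactly like that.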