Questions tagged [starttls]

STARTTLS is the SMTP command that upgrades an existing plaintext connection to an email server into an encrypted TLS (formerly SSL) session. Use it together with an email-server tag such as [postfix] or [exchange].

106 questions
69 votes, 8 answers

Is STARTTLS less safe than TLS/SSL?

In Thunderbird (and I assume in many other clients, too) I have the option to choose between "SSL/TLS" and "STARTTLS". As far as I understand it, "STARTTLS" means in simple words "encrypt if both ends support TLS, otherwise don't encrypt the…
Foo Bar
16 votes, 2 answers

Is it still "wrong" to require STARTTLS on incoming SMTP messages?

According to the STARTTLS Spec Section 5: A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally. This rule prevents the STARTTLS extension from damaging the interoperability of the…
jackweirdy
10 votes, 1 answer

Postfix "Recipient address rejected: Access denied" error

I'm trying to use Zend Mail SMTP to send email from my PHP app, login authenticated, and it gives me this constant error that I don't know how to deal with. I looked into the 36 questions here on serverfault.com, changing parameters as they explain, without success. The…
MikZuit
9 votes, 3 answers

Configure Postfix to use TLSv1.2

I started building my first cloud server: Ubuntu 16.04 with Postfix. The question is: how can I configure Postfix to use TLSv1.2 when I send mail from my webshop? When my webshop sends mail to my Postfix server it uses TLSv1. Here is…
John Steave
8 votes, 2 answers

TLS: hostname does not match CN in peer certificate

I'm trying to connect to LDAP over STARTTLS but I'm stuck with an issue. I've followed this guide step by step: https://help.ubuntu.com/12.04/serverguide/openldap-server.html#openldap-tls and LDAP is working OK, as well as "ldapsearch -xZZ -h…
borjamf
7 votes, 2 answers

How can I decrypt STARTTLS communication over SMTP in a packet capture (if I have the private key)?

For the purpose of troubleshooting, I need to see what an email looks like when it's sent to my sendmail server via SMTP. The upstream server requires the SMTP connection to use STARTTLS so a packet capture only shows me encrypted data. Is there a…
Mike B
7 votes, 2 answers

Postfix "Trusted TLS connection established" but "Server certificate not verified"

I'm using a Postfix TLS policy to enforce TLS for outgoing email. Unfortunately, in some cases the certificate verification fails and I don't know why. For instance, this is an excerpt of my TLS policy: #/C=US/O=DigiCert…
Jofre
7 votes, 2 answers

Postfix: lost connection after STARTTLS

I've set up a Postfix + Courier server and have a Rails app configured with the SMTP server settings. Whenever the Rails app tries to send an email, this is what appears in the Postfix log (additional log verbosity set in master.cf): Feb 22 03:57:24…
webo
6 votes, 1 answer

Postfix TLS configuration for incoming GMX mail

I set up my mail server with Postfix 2.7.1 and Dovecot 1.2.15 and everything seemed to work just fine, but now I found out that people using @gmx.net addresses cannot send emails to me and instead receive the error message Connected to
Stefan
5 votes, 3 answers

SNI-like equivalent for STARTTLS

I am trying to host two separate domains on one IP address. I want to be able to determine from the STARTTLS command which certificate is being requested and forward to a different mail server based on the domain. This doesn't seem to be possible…
user420606
5 votes, 1 answer

How to mitigate STARTTLS MITM (downgrading and forged certificates) between email servers?

I'm not as technically inclined as most on this site so please keep that in mind. I wanted to learn more about email security so I did some research and everything is according to my understanding, so please correct me wherever needed. The…
Ian Last
5 votes, 1 answer

Postfix STARTTLS only on port 25

I want to enable STARTTLS on port 25, but for unknown reasons it only works on port 465. master.cf: smtp inet n - - - - smtpd -o syslog_name=postfix/smtp -o smtpd_tls_wrappermode=yes -o…
JohnnyFromBF
5 votes, 0 answers

LDAP with TLS: connect error(-11)

I configured OpenLDAP, and today I've configured TLS for more security, following these guidelines: Configure OpenLDAP with TLS=required. Modifying cn=config with the config file: dn: cn=config changetype: modify add:…
Neil
5 votes, 2 answers

ejabberd: starttls_required in c2s/s2s and disabling SSLv3 + insecure ciphers

I'm using ejabberd on Ubuntu. My configuration looks like this: {5269, ejabberd_s2s_in, [ {shaper, s2s_shaper}, {max_stanza_size, 131072}, starttls_required …
pythonimus
5 votes, 3 answers

Is a self-signed certificate secure from man-in-the-middle once you have accepted it?

I have a mail server that has a self-signed SSL certificate. I use Thunderbird to access this server, and it asks me to accept this certificate. So let's say I accept this in a semi-secure location, for example on a local network, then move on to an…
Don Juan