summaryrefslogtreecommitdiffstats
path: root/doc/wiki/SSL.txt
blob: 7e32883e182d57e79a8476640b06c5abc5317e43 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
SSL
===

 * <Creating SSL certificates> [SSL.CertificateCreation.txt]
 * <Configuring Dovecot to use SSL certificates> [SSL.DovecotConfiguration.txt]

 * <Importing CAs and self-signed SSL certificates to clients>
   [SSL.CertificateClientImporting.txt]
 * SSL works pretty much the same universally, so for more information about
   SSL you can see for example Apache's documentation
   [http://httpd.apache.org/docs/2.2/ssl/].
 * Dovecot uses OpenSSL, so whatever information you find about it applies also
   to Dovecot.

SSL, TLS and STARTTLS confusion
-------------------------------

SSL and TLS terms are often used in confusing ways:

 * SSL (Secure Sockets Layer) is the original protocol implementation. SSLv3 is
   still allowed by Dovecot, but it's rarely used. Some clients use SSL to mean
   that they're going to connect to the imaps (993), pop3s (995) or smtps (465)
   port, although they're still going to use TLSv1 protocol.
 * TLS (Transport Layer Security) replaced the SSL protocol. TLSv1 protocol is
   used practically always nowadays. Some clients use TLS to mean that they're
   going to use STARTTLS command after connecting to the standard imap (143),
   pop3 (110) or smtp port (25/587). Nothing would prevent using SSLv3 protocol
   after STARTTLS command.

Unfortunately there doesn't seem to be any clear and simple way to refer to
these different meanings. SSL term is much more widely understood than TLS, so
Dovecot configuration and this documentation only talks about SSL when in fact
it means both SSL/TLS.

Originally SSL support was added to protocols by giving them a separate "SSL
port" (imaps, pop3s, etc.), where the SSL handshake starts immediately when
client connects, and only after the session is encrypted the regular protocol
handling begins. Using two separate ports for plaintext and SSL connections was
thought to be wasteful and adds complexity for clients which may wish to make
use of SSL when it is advertised, so STARTTLS command was added and intended to
deprecate the SSL ports. Clients using STARTTLS work by connecting to the
regular unencrypted port and immediately issue a STARTTLS command, after which
the session is encrypted. After SSL handshake there is no difference between
SSL port initiated connections and STARTTLS initiated connections.

SSL port deprecation never really happened, probably because of a few reasons:

 * Some admins don't even know about STARTTLS.
 * Some admins want to require SSL/TLS, but don't realize that this is also
   possible with STARTTLS (Dovecot has 'disable_plaintext_auth=yes' and
   'ssl=required' settings).
 * Some admins understand everything, but still prefer to allow only SSL ports
   (maybe with a firewall). This could be because it makes it easier to ensure
   that no information is leaked, because SSL/TLS handshake happens
   immediately. Some clients unfortunately try to do plaintext authentication
   without STARTTLS, even when IMAP server has told the client that it won't
   work.  Besides, it requires fewer round-trips if you begin SSL upon
   connection when you know you want it, instead of connect, negotiate
   capabilities, insist on TLS, then start all over again inside the encrypted
   session.
 * According to some reports (like this
   [https://it.slashdot.org/story/14/11/11/2349244/isps-removing-their-customers-email-encryption])
   STARTTLS can not guarantee encrypted delivery of mail.

(This file was created from the wiki on 2019-06-19 12:42)