Secure E-mail communication
In the old days your email program exchanged everything with the server in plain text, including your username and password. Today this communication is secured through encryption, but its configuration causes a lot of confusion: some email programs let you choose between SSL, TLS, STARTTLS, a port number and other loosely used terms.
SSL vs TLS
The confusion starts with SSL (Secure Sockets Layer) and TLS (Transport Layer Security). They are the same family of protocols: SSL is simply the old name and TLS the new one! The last SSL specification is version 3.0, and its successor continues as TLS version 1.0, sometimes referred to as SSL 3.1.
SSL has many known security issues, but in the real world some old programs (clients and servers) still depend on it. Most server programs let you configure which protocol versions are offered to the client program. It is a trade-off between security (only the newest TLS version) and compatibility (all SSL/TLS versions).
I guess in a few years the term TLS will replace SSL completely. For now let me still use SSL/TLS in my documentation.
Plain text vs encrypted communication
Another source of confusion is the relationship between the TCP port and encryption. We all know that http on port 80 sends everything in plain text, while https on port 443 sends it encrypted over an SSL/TLS socket connection. Here the decision to encrypt or not is bound to the port number: a TCP socket connection cannot be initialized for both plain text and encryption on the same TCP port. I call this kind of encryption an SSL/TLS socket connection, as in https (443), imaps (993) or pop3s (995).
That was easy, right? Wouldn't it be nice to use the same TCP port for both plain text and encrypted communication? How about starting with a plain text socket connection and switching later to an SSL/TLS encrypted channel? Cool? That is exactly what STARTTLS does: it starts the communication in plain text and performs all further data exchange over an SSL/TLS encrypted channel.
Term | TCP socket | Data
---|---|---
Plain text | plain text socket | not secure
STARTTLS | plain text socket | encrypted (SSL/TLS channel after STARTTLS)
SSL/TLS socket | encrypted SSL/TLS socket | secure
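To make the difference concrete, here is an added example (my own code, not from the original page) of a client that performs the STARTTLS exchange from the table on an IMAP connection to port 143 and refuses to continue if the server does not advertise STARTTLS, with an implicit-TLS connection to port 993 beside it for contrast. It uses Python's standard `ssl` module; the injectable `wrap` argument, the `ScriptedSocket` class and the two transcripts are constructed so the clear-text phase can be exercised offline, and `mail.example.com` is a placeholder hostname.

```python
import socket
import ssl

class StartTlsRefused(Exception):
    """Server did not offer or accept STARTTLS: fail closed, never continue in plain text."""

def _read_line(sock):  # read one CRLF-terminated IMAP line from a socket-like object
    buf = b""
    while not buf.endswith(b"\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("connection closed during STARTTLS negotiation")
        buf += chunk
    return buf.decode("ascii", "replace").rstrip("\r\n")

def imap_starttls(sock, hostname, context=None, wrap=None):
    """Upgrade a plain-text IMAP connection (port 143) to TLS. Everything before wrap()
    is clear text; afterwards the SAME TCP socket carries encrypted data."""
    context = context or ssl.create_default_context()  # verifies cert chain and hostname
    wrap = wrap or (lambda s: context.wrap_socket(s, server_hostname=hostname))
    if not _read_line(sock).startswith("* OK"):
        raise StartTlsRefused("unexpected greeting")
    sock.sendall(b"a1 CAPABILITY\r\n")
    caps = []
    while not caps or not caps[-1].startswith("a1 "):  # untagged lines until tagged reply
        caps.append(_read_line(sock))
    if not any("STARTTLS" in c.split() for c in caps if c.startswith("* CAPABILITY")):
        raise StartTlsRefused("server did not advertise STARTTLS")  # possible downgrade
    sock.sendall(b"a2 STARTTLS\r\n")
    if not _read_line(sock).startswith("a2 OK"):
        raise StartTlsRefused("server rejected STARTTLS")
    return wrap(sock)  # TLS handshake now runs on the existing port-143 connection

def imaps_connect(hostname, port=993, context=None):
    """Implicit TLS (imaps, port 993): wrap the socket before any IMAP data is exchanged."""
    context = context or ssl.create_default_context()
    return context.wrap_socket(socket.create_connection((hostname, port)), server_hostname=hostname)

class ScriptedSocket:
    """Constructed stand-in for a server: replays canned replies, records what the client sent."""
    def __init__(self, replies):
        self.rx, self.tx = b"".join(replies), b""
    def recv(self, n):
        data, self.rx = self.rx[:n], self.rx[n:]
        return data
    def sendall(self, data):
        self.tx += data

# Constructed transcripts, not captured from any real server.
SERVER_WITH_STARTTLS = [b"* OK ready\r\n", b"* CAPABILITY IMAP4rev1 STARTTLS\r\n", b"a1 OK\r\n", b"a2 OK\r\n"]
SERVER_WITHOUT_STARTTLS = [b"* OK ready\r\n", b"* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\n", b"a1 OK\r\n"]
```

Only the negotiation before `wrap()` can be replayed by the scripted server; against a real server omit `wrap`, and the default context verifies the certificate and hostname during the handshake.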