[RCD] Error in SMTP over SSL

Eric Stadtherr estadtherr at gmail.com
Mon Aug 10 20:24:25 CEST 2009

On Thu, 06 Aug 2009 13:28:51 +0200, Julien Vehent <julien at linuxwall.info>
> On Thu, 06 Aug 2009 13:20:20 +0200, "A.L.E.C" <alec at alec.pl> wrote:
>> Julien Vehent wrote:
>>>> && strncasecmp($this->host, 'ssl://', 6) != 0
>> !!!! http://php.net/manual/en/function.strncasecmp.php
>>> $rcmail_config['smtp_server'] = 'ssl://localhost';                    

>>> // SMTP port (default is 25; 465 for SSL)                             

>>> $rcmail_config['smtp_port'] = 25;                                     

>> I'm sure that your postfix does not use SSL on 25 port.
>>> The only thing I'm sure of, is that this postfix configuration works
> fine
>>> with thunderbird in TLS mode.
>> TLS != SSL
> My extremely humble excuses for this mistake... after changing the
> configuration several times, I had forgotten this ssl://
> it works fine now, as shows the capture :
> http://www.linuxwall.info/files/starttlsroundcubetrace.pcap.txt
> May I recommend that the comments in the main.inc.php explain this issue
> I am always confused about the difference SMTP makes between SSL and
> It doesn't quite make sense to me to handle the two protocols separately
> since one is just the renamed evolution of the other. But this is not
> roundcube's problem.

There is a fundamental difference between SSL and TLS:
- An SSL (Secure Socket Layer) connection involves authentication and/or
encryption during establishment of the socket connection. In other words,
the socket connect() wraps the certificate/key negotiation and the
application/presentation-level protocol is ignorant of the presence of
additional security
- TLS (Transport Layer Security) refers to introduction of
authentication/encryption after the socket connection is already
established and the application-level protocol is underway. The socket()
connection is initially a normal raw/plain-text connection, and the
application-level protocol (in this case SMTP) requests the certificate/key
negotiation during the information exchange that takes place after the
socket connection has been established (e.g. the STARTTLS SMTP command).

This difference is why TLS is usually available on the same port/socket as
the normal/insecure protocol, whereas SSL typically requires a new
port/protocol (e.g. imaps:993 vs. imap:143). An SSL server starts in with
the key exchange immediately upon acceptance of the socket connect(),
whereas a non-SSL server accepts plain connections and can optionally add
TLS later.

> Thanks for you help alec.
> Julien
> _______________________________________________
> List info: http://lists.roundcube.net/dev/

Eric Stadtherr
estadtherr at gmail.com
List info: http://lists.roundcube.net/dev/

More information about the Dev mailing list