On Thu, 06 Aug 2009 13:28:51 +0200, Julien Vehent julien@linuxwall.info wrote:
On Thu, 06 Aug 2009 13:20:20 +0200, "A.L.E.C" alec@alec.pl wrote:
Julien Vehent wrote:
&& strncasecmp($this->host, 'ssl://', 6) != 0
!!!! http://php.net/manual/en/function.strncasecmp.php
$rcmail_config['smtp_server'] = 'ssl://localhost';
// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 25;
I'm sure that your postfix does not use SSL on port 25.
The only thing I'm sure of, is that this postfix configuration works fine with thunderbird in TLS mode.
TLS != SSL
My extremely humble excuses for this mistake... after changing the configuration several times, I had forgotten this ssl://
It works fine now, as the capture shows: http://www.linuxwall.info/files/starttlsroundcubetrace.pcap.txt
May I recommend that the comments in the main.inc.php explain this issue?
I am always confused about the difference SMTP makes between SSL and TLS.
It doesn't quite make sense to me to handle the two protocols separately since one is just the renamed evolution of the other. But this is not roundcube's problem.
There is a fundamental difference between SSL and TLS:
SSL: encryption during establishment of the socket connection. In other words, the socket connect() wraps the certificate/key negotiation and the application/presentation-level protocol is ignorant of the presence of additional security.
TLS: authentication/encryption after the socket connection is already established and the application-level protocol is underway. The socket() connection is initially a normal raw/plain-text connection, and the application-level protocol (in this case SMTP) requests the certificate/key negotiation during the information exchange that takes place after the socket connection has been established (e.g. the STARTTLS SMTP command).
This difference is why TLS is usually available on the same port/socket as the normal/insecure protocol, whereas SSL typically requires a new port/protocol (e.g. imaps:993 vs. imap:143). An SSL server starts in with the key exchange immediately upon acceptance of the socket connect(), whereas a non-SSL server accepts plain connections and can optionally add TLS later.
Thanks for your help alec.
Julien
List info: http://lists.roundcube.net/dev/
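
The port behaviour described in the thread can be checked from the client side before choosing between an ssl:// prefix and a plain host name. The following is an added example, not part of the original messages or of Roundcube's code; the function names, return labels and the loopback stub server are constructed for illustration.

```python
import socket
import threading

def classify_smtp_port(host, port, timeout=2.0):
    """Classify a listener as 'starttls', 'plaintext-only', 'silent' or 'unknown'."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(512)
        except socket.timeout:
            # No greeting: the server waits for the client to speak first, which is
            # what an SSL-wrapped port does (it expects a TLS ClientHello).
            # Heuristic only: a stalled plaintext server looks the same.
            return "silent"
        if not banner.startswith(b"220"):
            return "unknown"
        # Plaintext SMTP greeting: ask which extensions the server offers.
        s.sendall(b"EHLO probe.example\r\n")
        reply = b""
        # A multi-line reply ends with a line whose 4th byte is a space ("250 ...").
        while not (reply.endswith(b"\r\n") and reply.split(b"\r\n")[-2][3:4] == b" "):
            chunk = s.recv(1024)
            if not chunk:
                break
            reply += chunk
        s.sendall(b"QUIT\r\n")
    keywords = {line[4:].upper().split(b" ")[0] for line in reply.split(b"\r\n")}
    return "starttls" if b"STARTTLS" in keywords else "plaintext-only"

def start_stub_server(greets_first, extensions=(b"STARTTLS", b"8BITMIME")):
    """Constructed loopback stub (not a real MTA); returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if greets_first:
                conn.sendall(b"220 mail.example ESMTP\r\n")
                conn.recv(512)  # EHLO
                lines = [b"250-mail.example"] + [b"250-" + e for e in extensions]
                lines[-1] = b"250 " + lines[-1][4:]
                conn.sendall(b"\r\n".join(lines) + b"\r\n")
            conn.recv(512)  # QUIT, or the client giving up on a silent port

    threading.Thread(target=serve, daemon=True).start()
    return port
```

A 'starttls' result matches the plain host name with port 25 setup that worked in the thread, while 'silent' is the behaviour an ssl:// connection expects.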