Bug 4439 - Use implicit TLS as default (and not plaintext)
Status: NEW
Alias: None
Product: Claws Mail (GTK 2)
Classification: Unclassified
Component: UI
Version: 3.17.8
Hardware: PC Linux
Importance: P3 enhancement
Assignee: users
Reported: 2021-01-31 16:51 UTC by Damian Poddebniak
Modified: 2021-04-28 14:39 UTC
Description Damian Poddebniak 2021-01-31 16:51:23 UTC
Claws defaults to plaintext for all email protocols. This should be changed to implicit TLS for SMTP (port 465), POP3 (port 995), and IMAP (port 993) and Claws should also warn about plaintext connections.
Comment 1 Gerard Seibert 2021-01-31 17:54:56 UTC
Historically, port 465 was initially planned for the SMTPS encryption and authentication “wrapper” over SMTP, but it was quickly deprecated (within months, and over 15 years ago) in favor of STARTTLS over SMTP (RFC 3207). Despite that fact, there are probably many servers that support the deprecated protocol wrapper, primarily to support older clients that implemented SMTPS. Unless you need to support such older clients, SMTPS and its use on port 465 should remain nothing more than a historical footnote.

The hopelessly confusing and imprecise term, SSL, has often been used to indicate the SMTPS wrapper and TLS to indicate the STARTTLS protocol extension.

Defaulting to port 587 with STARTTLS would be the most logical solution. All of the major web email services are implementing that now.
Comment 2 Damian Poddebniak 2021-01-31 17:59:28 UTC
Hey, please see RFC 8314 sec. 3.3. and 7.3.
Comment 3 Damian Poddebniak 2021-01-31 18:20:47 UTC
Evolution, Geary, K9-Mail, ... and multiple Android apps already use port 465 as default.

Here is a list of popular mail providers:

GMail                  
Outlook.com (465 not supported)
Yahoo! Mail            
GMX, Mail.com, ...  
Zoho Mail           
iCloud Mail (465 not supported)
AOL Mail
Hushmail
FastMail
Mailbox.org
Mail.Ru
Runbox

Outlook.com and iCloud Mail don't support SMTP on port 465. I don't think that should be a reason to not use 465 as default...
Comment 4 Gerard Seibert 2021-01-31 22:10:46 UTC
At the very least, Yahoo, Gmail, AOL, and Fastmail fully support STARTTLS on port 587. I would be surprised if the others didn't do so also.

Virtually all modern MUAs employ STARTTLS ON PORT 587. I run my own email server and use IMAP + STARTTLS on port 143, as well as 587. I haven't had any problems.

I seriously doubt that Outlook will revert to using a deprecated protocol. Making '465' the default will only result in more service calls. Use 587 and let the casual user who wants to employ 465 do so at their own peril.
Comment 5 Damian Poddebniak 2021-01-31 22:21:35 UTC
The current recommendation from the IETF is:

"""
To encourage more widespread use of TLS and to also encourage greater consistency regarding how TLS is used, this specification now recommends the use of Implicit TLS for POP, IMAP, SMTP Submission, and all other protocols used between an MUA and an MSP.
""" [RFC 8314]

This port is not deprecated.
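
Added example (not part of any comment above and not Claws Mail code): a Python standard-library sketch of the two connection modes debated in this thread, with implicit TLS as the default and no plaintext fallback. The names `PORTS`, `plan`, `connect` and `PlaintextRefused` are hypothetical, and refusing plaintext outright is an assumption that is stricter than the warning the report asks for.

```python
import imaplib
import poplib
import smtplib
import ssl

# Implicit-TLS ports are the ones named in the report; 587 and 143 come from
# the replies, and 110 is the standard POP3 port (not mentioned in the thread).
PORTS = {
    "implicit": {"smtp": 465, "imap": 993, "pop3": 995},
    "starttls": {"smtp": 587, "imap": 143, "pop3": 110},
}


class PlaintextRefused(Exception):
    """Raised instead of opening a connection without a TLS mode."""


def plan(protocol, security=None, port=None):
    """Resolve account settings to (security, port); unset means implicit TLS."""
    security = security or "implicit"
    if security not in PORTS:  # "plaintext" or anything else that is not TLS
        raise PlaintextRefused(f"{protocol}: refusing security mode {security!r}")
    return security, port or PORTS[security][protocol]


def connect(protocol, host, security=None, port=None):
    """Open a TLS-protected client connection or raise; never fall back."""
    security, port = plan(protocol, security, port)
    ctx = ssl.create_default_context()  # verifies certificate chain and host name
    if security == "implicit":
        # The TLS handshake completes before any protocol byte is exchanged.
        if protocol == "smtp":
            return smtplib.SMTP_SSL(host, port, context=ctx)
        if protocol == "imap":
            return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)
        return poplib.POP3_SSL(host, port, context=ctx)
    # STARTTLS: the session starts in plaintext and is then upgraded. Each
    # call below raises if the server does not advertise the extension, so
    # credentials are never sent over an unencrypted session.
    if protocol == "smtp":
        conn = smtplib.SMTP(host, port)
        conn.starttls(context=ctx)      # SMTPNotSupportedError if not offered
    elif protocol == "imap":
        conn = imaplib.IMAP4(host, port)
        conn.starttls(ssl_context=ctx)  # IMAP4.abort if not offered
    else:
        conn = poplib.POP3(host, port)
        conn.stls(context=ctx)          # poplib.error_proto if not offered
    return conn
```

`plan()` can be checked without a network; `connect()` needs a reachable server and returns the usual `smtplib`, `imaplib` or `poplib` client object.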
