Improved managesieve docs with regards to TLS #1190
Conversation
| @@ -98,6 +110,7 @@ are shown. | |||
| service managesieve-login { | |||
| #inet_listener sieve { | |||
| # port = 4190 | |||
| # ssl = yes | |||
There was a problem hiding this comment.
Hmm. Seems wrong to recommend changing the standard sieve port to use implicit TLS. Clients expect it to be plaintext / STARTTLS. Not sure if there is any standard implicit TLS port for it, probably not? @stephanbosch thoughts?..
There was a problem hiding this comment.
Seems wrong to recommend changing the standard sieve port to use implicit TLS. Clients expect it to be plaintext / STARTTLS.
Most clients I know of support all 3. roundcube definitely does for example. Plaintext of course should discouraged, but even STARTTLS should be discouraged at this point due to potential downgrade attacks. RFC8314 for example recommends against STARTTLS.
Not sure if there is any standard implicit TLS port for it, probably not?
I could not find one.
No description provided.