[MlMt] Trouble connecting to iCloud (certificate validation)
Bill Cole
mmlist-20120120 at billmail.scconsult.com
Thu Aug 20 23:11:03 EDT 2015
On 20 Aug 2015, at 11:46, Benny Kjær Nielsen wrote:
> MailMate is bad at handling port 465 (even when it works), because
> some servers use it SSL style and some use it TLS style (as in port
> 993 vs 143 for IMAP).

Wait... What?! REALLY? There are servers answering on port 465 with a
plaintext SMTP banner? That is irredeemably broken. I could understand
trying to tighten up port 465 by disabling SSLv2 and SSLv3 specifically
(maybe even TLSv1.0) and weak ciphers, but configuring it like it's port
587 is beyond the pale.

Not that SMTPS on port 465 was EVER a real standard, but in the draft
that Netscape tossed out the door as they were dismembering themselves,
it *was* specified: as SSL-on-connect just like 443 for HTTPS, 993 for
IMAPS, 995 for POPS. It's just that SMTP operationally is a bad fit for
a dedicated secure port and the whole concept of dedicated secure ports
was ill-conceived.

In an ideal world mail clients wouldn't need to support mail submission
in any mode other than port 587 with STARTTLS using one of the AUTH
mechanisms that don't require them to store passwords recoverably. Mail
systems that don't offer that in 2015 ought to be viewed with deep
suspicion.
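
Added example, not part of the original post and not MailMate's code: a small Python check that tells the two port-465 behaviours discussed above apart by watching what the server sends before the client speaks, plus a check that a cleartext EHLO reply advertises STARTTLS. The function names, the wait period and the `mail.example.test` sample banner are assumptions made for illustration.

```python
import socket

def classify_greeting(first_bytes):
    """Classify what a server sent before the client spoke (None = silence)."""
    if first_bytes is None:
        # SSL-on-connect listeners wait for the client's TLS ClientHello.
        # Silence is only a hint: confirm with a real TLS handshake.
        return "implicit-tls"
    if not first_bytes:
        return "closed"
    code, sep = first_bytes[:3], first_bytes[3:4]
    if code.isdigit() and sep in (b" ", b"-"):
        # Cleartext SMTP reply (e.g. a 220 banner): port-587 behaviour,
        # so TLS is only available through STARTTLS.
        return "plaintext-banner"
    return "unknown"

def probe(sock, wait=3.0):
    """Wait up to `wait` seconds for unsolicited bytes on a connected socket."""
    sock.settimeout(wait)
    try:
        data = sock.recv(512)
    except socket.timeout:
        data = None
    return classify_greeting(data)

def offers_starttls(ehlo_reply):
    """True if a cleartext EHLO reply advertises the STARTTLS extension."""
    lines = ehlo_reply.split(b"\r\n")
    for line in lines[1:]:          # first line is the server's greeting
        if line[:3] == b"250" and line[4:].strip().upper() == b"STARTTLS":
            return True
    return False

def probe_host(host, port=465, wait=3.0):
    """Probe a real server; the host name is supplied by the caller."""
    with socket.create_connection((host, port), timeout=wait) as s:
        return probe(s, wait)

if __name__ == "__main__":
    # Constructed demo over a local socket pair, no network needed.
    server, client = socket.socketpair()
    server.sendall(b"220 mail.example.test ESMTP\r\n")
    print(probe(client, 0.5))
    server.close()
    client.close()
```

A client that gets `plaintext-banner` on port 465 should refuse to authenticate unless `offers_starttls` is true and the STARTTLS upgrade succeeds.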