1

Topic: TLS vs SSL

Is there any big difference between:
POP3 service: port 110 over TLS vs port 995 with SSL.
IMAP service: port 143 over TLS vs port 993 with SSL.

Why is TLS the most recommended?

So, since TLS is the most recommended, how can I leave POP3 and IMAP services working only in TLS?





2

Re: TLS vs SSL

TLS is newer and more secure. You should generally disable SSL including SSLv3 and only allow TLS connections. Whether you allow TLSv1 up to TLSv1.2 or only the latter depends on your use case.

Do not open Port 995 and 993 in iptables or whatever firewall you use; therefore the ports will be blocked even if you misconfigured something. Since I am not allowing POP3 but only IMAP, I have only Port 143 open and Port 587 for SMTP.

3

Re: TLS vs SSL

Both TLS and SSL are secure; the difference is how they work.

*) With SSL, the port number you open can be used for secure connections, and secure connections only.
*) With TLS, the port number can be used for both secure and insecure connections. Usually the client connects to the port first, then issues a command like 'STARTTLS' to establish a secure connection. If no such command is issued, the connection is plain and insecure. This way we don't need 2 port numbers for insecure + secure connections.

Take SMTP and the submission protocol for example. Let's say your server supports sending email through both an insecure connection (port 25 without TLS) and a secure connection (port 25 with TLS).

Here's how to send email through port 25 without TLS:

ehlo test.com
AUTH PLAIN AHBvc3RtYXN0ZXJAYS5pbwB3d3c=
mail FROM:<postmaster@a.io>
rcpt TO:<postmaster@a.io>
data
[...detailed message here...]
.

And here's a secure connection (port 587 with TLS):

ehlo test.com
STARTTLS
ehlo test.com
AUTH PLAIN AHBvc3RtYXN0ZXJAYS5pbwB3d3c=
mail FROM:<postmaster@a.io>
rcpt TO:<postmaster@a.io>
data
[...detailed message here...]
.
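
The two sessions above differ only in whether STARTTLS comes before AUTH. The following is an added example, not part of the original post: it audits a list of client commands and reports which ones travelled in cleartext, including the identity carried by an AUTH PLAIN sent before the TLS upgrade. The function names are hypothetical, and the audit assumes the server accepted STARTTLS and the handshake succeeded.

```python
import base64

# Client commands from the two sessions in the post above (message body omitted).
PLAIN_SESSION = [
    "ehlo test.com",
    "AUTH PLAIN AHBvc3RtYXN0ZXJAYS5pbwB3d3c=",
    "mail FROM:<postmaster@a.io>",
    "rcpt TO:<postmaster@a.io>",
]
STARTTLS_SESSION = ["ehlo test.com", "STARTTLS"] + PLAIN_SESSION


def decode_auth_plain(token):
    """AUTH PLAIN (RFC 4616) is base64 of: authzid NUL authcid NUL password.

    Base64 is an encoding, not encryption, so anyone who sees the token
    on the wire recovers both fields.
    """
    _authzid, authcid, password = base64.b64decode(token).split(b"\0", 2)
    return authcid.decode(), password.decode()


def audit_session(client_lines):
    """Classify each client command as sent before or after the TLS upgrade.

    Assumption: the server accepts STARTTLS, so everything after that
    command is encrypted and everything before it is cleartext.
    """
    encrypted = False
    findings = {"starttls": False, "cleartext_commands": 0, "cleartext_auth": []}
    for line in client_lines:
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "STARTTLS":
            encrypted = True
            findings["starttls"] = True
            continue
        if encrypted:
            continue
        findings["cleartext_commands"] += 1
        if verb == "AUTH" and len(parts) == 3 and parts[1].upper() == "PLAIN":
            user, _password = decode_auth_plain(parts[2])
            findings["cleartext_auth"].append(user)
    return findings
```

In the STARTTLS session only the first EHLO is cleartext, while in the plain session every command, including the credentials, is readable on the wire.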

4 (edited by gilvancn 2017-10-15 21:39:25)

Re: TLS vs SSL

Okay, got it, guys.
The firewall is preconfigured by iRedMail.
So, who controls the opening/closing of the ports (in CentOS 7), fail2ban or firewalld?

5

Re: TLS vs SSL

firewalld.