Page MenuHomePhorge

STARTTLS to backend IMAP servers
Closed, ResolvedPublic

Description

Kolab tends not to offload TLS, nor terminate TLS, on the perimeter, but depending on deployment topology backend IMAP servers to Guam may support only explicit SSL/TLS via STARTTLS rather than implicit SSL/TLS -- in order to potentially provide the client with an option to upgrade the connection's security.

Currently, Guam does not improve the security to the backend server using STARTTLS, should such capability be available (CAPABILITY response from initial backend connection), while it should (opportunistically) unless explicitly configured otherwise ({ tls, false }).

NOTE: Guam should assume that the validation to the IMAP backend server passes successfully and without error, meaning that self-signed certificates and other such amateur-hour ventures should cause the connection to fail.

Details

Ticket Type
Task

Event Timeline

vanmeeuwen raised the priority of this task from to 60.
vanmeeuwen updated the task description. (Show Details)
vanmeeuwen added a project: Guam.
vanmeeuwen moved this task to Backlog on the Guam board.
vanmeeuwen changed Ticket Type from Task to Task.
vanmeeuwen updated the task description. (Show Details)
vanmeeuwen subscribed.
vanmeeuwen lowered the priority of this task from 60 to 40.Nov 30 2015, 3:17 PM
vanmeeuwen claimed this task.
vanmeeuwen moved this task from Pending CI to Done on the Guam board.