Page MenuHomePhorge
Create Task
Maniphest T865

STARTTLS to backend IMAP servers
Closed, ResolvedPublic
Actions

Description

Kolab tends not to offload TLS, nor terminate TLS, on the perimeter, but depending on deployment topology backend IMAP servers to Guam may support only explicit SSL/TLS via STARTTLS rather than implicit SSL/TLS -- in order to potentially provide the client with an option to upgrade the connection's security.

Currently, Guam does not improve the security to the backend server using STARTTLS, should such capability be available (CAPABILITY response from initial backend connection), while it should (opportunistically) unless explicitly configured otherwise ({ tls, false }).

NOTE: Guam should assume that the validation to the IMAP backend server passes successfully and without error, meaning that self-signed certificates and other such amateur-hour ventures should cause the connection to fail.

Details

Ticket Type
Task

Event Timeline

vanmeeuwen created this task.Nov 30 2015, 3:12 PM
vanmeeuwen raised the priority of this task from to 60.
vanmeeuwen updated the task description. (Show Details)
vanmeeuwen added a project: Guam.
vanmeeuwen moved this task to Backlog on the Guam board.
vanmeeuwen changed Ticket Type from Task to Task.
vanmeeuwen updated the task description. (Show Details)
vanmeeuwen subscribed.
vanmeeuwen lowered the priority of this task from 60 to 40.Nov 30 2015, 3:17 PM
seigo moved this task from Backlog to In Progress on the Guam board.Dec 3 2015, 8:41 PM
seigo moved this task from In Progress to Review on the Guam board.Dec 6 2015, 2:17 AM
vanmeeuwen moved this task from Review to Pending CI on the Guam board.Dec 17 2015, 9:53 AM
vanmeeuwen closed this task as Resolved.Jan 18 2016, 12:01 PM
vanmeeuwen claimed this task.
vanmeeuwen moved this task from Pending CI to Done on the Guam board.