commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruno Harbulot (JIRA)" <>
Subject [jira] [Created] (EMAIL-105) Clarify names for SSL and TLS
Date Mon, 16 May 2011 17:19:47 GMT
Clarify names for SSL and TLS

                 Key: EMAIL-105
             Project: Commons Email
          Issue Type: Improvement
            Reporter: Bruno Harbulot

The API offers two categories of settings for the configuration of SSL/TLS: {{setSSL}} and
{{setTLS}} (and respective associated methods).

The names are quite misleading, as this doesn't really oppose SSL and TLS. A number of e-mail
applications make this mistake, but "TLS" is used here to mean "using STARTTLS" and "SSL"
is used here to mean "SSL or TLS, upon connection".

The difference is that:
- With "SSL" (as incorrectly named here), the SMTP client connects to the SMTP server on a
dedicated port and starts the SSL/TLS handshake upon connection. This is then followed by
"normal" SMTP traffic on this SSL/TLS layer.
- With "TLS" (as incorrectly named here), the SMTP client connects to the SMTP server on the
same port as it would do for plain-text SMTP, exchanges a few SMTP commands, including [STARTTLS
(RFC 3207)| ], and then starts an SSL/TLS handshake to upgrade
to a secure channel.

This is not so much a difference between SSL and TLS, but rather a difference regarding when
the connection is turned into a secure one.
The difference between SSLv3 and TLS 1.0 is mostly a version difference, where SSLv3 is the
predecessor of TLS 1.0.
You can have an TLS 1.0+ upon connection, using the "SSL" setting, without using {{STARTTLS}}
(it's a version configuration up to the {{SSLEngine}} or {{SSLSocketFactory}}).
Similarly, although it's not written in the specification, some servers seem to accept an
SSLv3 handshake (instead of its successor version: TLS 1.0) after {{STARTTLS}}.

I'd suggest deprecating {{setSSL}} and {{setTLS}} and replacing them with {{setOnConnectSSL}}
and {{setStartTLS}} (or similar), respectively.

This message is automatically generated by JIRA.
For more information on JIRA, see:

View raw message