7 Replies Latest reply on Apr 16, 2004 4:29 AM by kabirkhan

    POP3 and TLS

    kabirkhan

      I have written the code for the TLS support for POP3, but am struggling to find a (free) mail client for Windows that supports STLS. If anybody knows of one please let me know, since I cannot test it.

      I think the following from section 7 in RFC 2595 says that STLS is not common, but recommended as opposed to running with SSL.

      Use of separate ports for SSL has caused clients to implement only
      two security policies: use SSL or don't use SSL. The desirable
      security policy "use TLS when available" would be cumbersome with
      the separate port model, but is simple with STARTTLS.

      Maybe we should implement SSL for POP and SMTP as well as TLS? It should just be a case of creating an extra ServerThread for each protocol listening on separate ports and using an SSLServerSocket by default.


      Thanks,

      Kab

        • 1. Re: POP3 and TLS
          kabirkhan

          The changes have been committed. So far I have not been able to find a client allowing me to test it. I have left it disabled in jboss-service.xml for now, so at least it does not break anything.

          The only client I found supporting TLS was Eudora, but once the CAPA command returns STLS as one of its capabilities it simply issues a QUIT command and exits (rather than issuing the STLS command). So, if anybody knows of any clients supporting TLS for POP (rather than SSL) please let me know, or try it out yourselves.

          Cheers,

          Kab

          • 2. Re: POP3 and TLS
            acoliver

            Yeah, I think we should have SSL as well as TLS. Of course I thought they were the same thing, doh.. It seemed logical at the time to divide thread pools by protocol and port. Would it now be more logical to make thread pools a separate concept to be shared among port/protocol?

            By default TLS and SSL should be disabled. I plan on putting instructions here: http://jboss.org/wiki/Wiki.jsp?page=MailServicesInstallingM1 as well as including them in the release. The reason is that I don't want people to think they have TLS/SSL without setting up a keystore, etc.

            • 3. Re: POP3 and TLS
              kabirkhan

              If I have understood you correctly, I think it makes sense for the protocol to depend on the thread pools, rather than the thread pools depending on the protocol.

              Maybe we could end up having just one server MBean, define lists of secure and non-secure ports for the protocol to listen on, and then on startup of the protocol make the server listen on the ports required, if you get what I mean?

              For M1 or later?

              • 4. Re: POP3 and TLS
                acoliver

                Yeah, let's think of it around M3.

                • 5. Re: POP3 and TLS
                  mk


                  "acoliver" wrote:
                  Yeah, let's think of it around M3.


                  Hi,

                  I read this too late and already did some changes that enable POP3/SSL. I added a new attribute to ServerMBean named "UsesSSL" that will cause the server to open a secure socket. So to support POP3/SSL (actually with this implementation it could also be IMAP, etc.../SSL) one has to configure another ServerMBean and name it accordingly, e.g.



                  Using this approach one can configure the server-parameters individually for secure and non-secure sessions, which might be an issue because of the different workload a secure connection causes.

                  Michael
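                  Both halves of this thread, the STLS upgrade Kab cannot find a client for and the separate SSL port Michael wired up, come down to one client-side decision: wrap the socket before any POP3 traffic (implicit SSL), or send CAPA, look for STLS and upgrade in place. The client below is an added example written for this thread, not JBoss Mail Services code, and assumes nothing about ServerMBean or jboss-service.xml. It implements the RFC 2595 section 7 policy "use TLS when available", re-reads CAPA after the handshake as the RFC requires, and refuses any plaintext bytes a server pushes after its +OK to STLS (otherwise they would be read as if they had arrived inside TLS). The ScriptedTransport, the canned server transcripts and the stand-in for ssl.wrap_socket in demo_stls() are constructed so the protocol logic runs offline; connect() is the real network path and needs a live server.

```python
"""POP3 client side of RFC 2595 STLS ("use TLS when available") plus an
implicit-SSL alternative (separate port, wrap before any POP3 traffic).
Added example for this thread; not JBoss Mail Services code."""
import socket
import ssl


class Pop3Error(Exception):
    pass


def parse_capa(body_lines):
    """CAPA body (without the +OK line and the final '.') -> capability names."""
    return {line.split()[0].upper() for line in body_lines if line.strip()}


def choose_policy(capabilities, require_tls):
    """RFC 2595 section 7 policy: upgrade whenever the server offers STLS."""
    if "STLS" in capabilities:
        return "stls"
    if require_tls:
        raise Pop3Error("server does not advertise STLS and TLS is required")
    return "plain"


class Pop3Session:
    """Line-oriented POP3 session over any object with recv()/sendall()."""

    def __init__(self, transport):
        self.transport = transport
        self.buf = b""
        self.sent = []  # commands issued, kept for inspection

    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.transport.recv(4096)
            if not chunk:
                raise Pop3Error("connection closed")
            self.buf += chunk
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line.decode("ascii", "replace")

    def expect_ok(self):
        line = self.readline()
        if not line.startswith("+OK"):
            raise Pop3Error(line)
        return line

    def command(self, cmd):
        self.sent.append(cmd)
        self.transport.sendall(cmd.encode("ascii") + b"\r\n")
        return self.expect_ok()

    def capa(self):
        self.command("CAPA")
        body = []
        while (line := self.readline()) != ".":
            body.append(line)
        return parse_capa(body)

    def upgrade(self, wrap):
        """Send STLS, then hand the raw transport to wrap() for the handshake."""
        self.command("STLS")
        if self.buf:  # plaintext after +OK would be mistaken for TLS-protected data
            raise Pop3Error("plaintext data received after STLS +OK; aborting")
        self.transport = wrap(self.transport)
        return self.capa()  # RFC 2595: pre-TLS capabilities are untrusted, ask again


def negotiate(session, wrap, require_tls=True):
    """Greeting, CAPA, and STLS if offered. Returns (policy, capabilities)."""
    session.expect_ok()  # server greeting
    caps = session.capa()
    policy = choose_policy(caps, require_tls)
    if policy == "stls":
        caps = session.upgrade(wrap)
    return policy, caps


def connect(host, port=110, implicit_ssl=False, require_tls=True, cafile=None):
    """Real network entry point: implicit SSL (port 995 style) or STLS on 110."""
    ctx = ssl.create_default_context(cafile=cafile)
    sock = socket.create_connection((host, port))

    def wrap(raw):
        return ctx.wrap_socket(raw, server_hostname=host)

    if implicit_ssl:
        session = Pop3Session(wrap(sock))
        session.expect_ok()
        return "ssl", session.capa()
    return negotiate(Pop3Session(sock), wrap, require_tls)


class ScriptedTransport:
    """Constructed stand-in for a socket that replays canned server output."""

    def __init__(self, server_output):
        self.pending = server_output
        self.sent = b""

    def recv(self, n):
        chunk, self.pending = self.pending[:n], self.pending[n:]
        return chunk

    def sendall(self, data):
        self.sent += data


def demo_stls():
    """Offline run of the STLS path against constructed server transcripts."""
    plain = ScriptedTransport(b"+OK POP3 server ready\r\n"
                              b"+OK Capability list follows\r\nUSER\r\nSTLS\r\n.\r\n"
                              b"+OK Begin TLS negotiation\r\n")
    # Stand-in for ctx.wrap_socket: the "encrypted" side answers CAPA again.
    tls = ScriptedTransport(b"+OK Capability list follows\r\nUSER\r\nUIDL\r\n.\r\n")
    session = Pop3Session(plain)
    policy, caps = negotiate(session, lambda _raw: tls)
    return policy, caps, session.sent
```

                  Against a real server the same flow is connect("mail.example.test", 110) for STLS or connect("mail.example.test", 995, implicit_ssl=True) for the separate-port model; a server that advertises STLS but answers it with -ERR, or a client that sends QUIT on seeing STLS as Eudora does above, shows up as a Pop3Error or an unexpected entry in session.sent rather than a silently plaintext session.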


                  • 6. Re: POP3 and TLS
                    acoliver

                    No, that's fine, I was talking about thread pools. Totally awesome that you've already got POP/SSL! That's awesome.

                    • 7. Re: POP3 and TLS
                      kabirkhan

                      Nice one!