From: "Daniel L. Miller" on
OK - I'm an idiot. I'll just admit that up front and get it out of the way.

Now that that's settled, what is the difference between "SSL" and "TLS"
in a MUA - particularly Thunderbird - in a Postfix context?

I would have sworn I used to use Thunderbird with "SSL" specified and
connected to my Postfix servers fine. Now, I can only connect in "TLS"
mode. What did I break?

--
Daniel

From: Stan Hoeppner on
Daniel L. Miller put forth on 3/2/2010 1:18 AM:
> OK - I'm an idiot. I'll just admit that up front and get it out of the
> way.
>
> Now that that's settled, what is the difference between "SSL" and "TLS"
> in a MUA - particularly Thunderbird - in a Postfix context?
>
> I would have sworn I used to use Thunderbird with "SSL" specified and
> connected to my Postfix servers fine. Now, I can only connect in "TLS"
> mode. What did I break?

It's unlikely you'd forget setting up SSL. You would have likely created a
self signed server certificate and would have installed it on all clients
connecting to the server, just as must be done with web browsers connecting
to a secure site for the first time.

You've likely been using STARTTLS only, which doesn't require a key exchange
as SSL/TLS does. STARTTLS != TLS.

--
Stan

From: Bill Landry on
On 3/1/2010 11:51 PM, Stan Hoeppner wrote:
> Daniel L. Miller put forth on 3/2/2010 1:18 AM:
>> OK - I'm an idiot. I'll just admit that up front and get it out of the
>> way.
>>
>> Now that that's settled, what is the difference between "SSL" and "TLS"
>> in a MUA - particularly Thunderbird - in a Postfix context?
>>
>> I would have sworn I used to use Thunderbird with "SSL" specified and
>> connected to my Postfix servers fine. Now, I can only connect in "TLS"
>> mode. What did I break?
>
> It's unlikely you'd forget setting up SSL. You would have likely created a
> self signed server certificate and would have installed it on all clients
> connecting to the server, just as must be done with web browsers connecting
> to a secure site for the first time.
>
> You've likely been using STARTTLS only, which doesn't require a key exchange
> as SSL/TLS does. STARTTLS != TLS.

Huh, what? STARTTLS == Start TLS

http://en.wikipedia.org/wiki/STARTTLS

Bill

From: Stan Hoeppner on
Bill Landry put forth on 3/2/2010 2:01 AM:
> On 3/1/2010 11:51 PM, Stan Hoeppner wrote:
>> Daniel L. Miller put forth on 3/2/2010 1:18 AM:
>>> OK - I'm an idiot. I'll just admit that up front and get it out of the
>>> way.
>>>
>>> Now that that's settled, what is the difference between "SSL" and "TLS"
>>> in a MUA - particularly Thunderbird - in a Postfix context?
>>>
>>> I would have sworn I used to use Thunderbird with "SSL" specified and
>>> connected to my Postfix servers fine. Now, I can only connect in "TLS"
>>> mode. What did I break?
>>
>> It's unlikely you'd forget setting up SSL. You would have likely created a
>> self signed server certificate and would have installed it on all clients
>> connecting to the server, just as must be done with web browsers connecting
>> to a secure site for the first time.
>>
>> You've likely been using STARTTLS only, which doesn't require a key exchange
>> as SSL/TLS does. STARTTLS != TLS.
>
> Huh, what? STARTTLS == Start TLS
>
> http://en.wikipedia.org/wiki/STARTTLS

He's talking about Thunderbird, Bill. In that context, IIRC, one can check
the STARTTLS option box, and if the outgoing SMTP server doesn't support
STARTTLS, Thunderbird fails gracefully without error and falls back to plain
text mode. If, on the other hand, one checks SSL/TLS, you don't get the
graceful failure, but a hard error. This is the context of my STARTTLS !=
TLS comment. It's been a very long time since I messed with this, probably
pre-2.0, so my memory could be a little foggy. I would hope the Mozilla
team would have changed this behavior in recent revs of T-Bird.

--
Stan

From: Timo Sirainen on
On 2.3.2010, at 9.18, Daniel L. Miller wrote:

> OK - I'm an idiot. I'll just admit that up front and get it out of the way.
>
> Now that that's settled, what is the difference between "SSL" and "TLS"
> in a MUA - particularly Thunderbird - in a Postfix context?

http://wiki.dovecot.org/SSL tries to explain their difference.

> I would have sworn I used to use Thunderbird with "SSL" specified and
> connected to my Postfix servers fine. Now, I can only connect in "TLS"
> mode. What did I break?

You no longer have smtps port enabled?
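
The two client modes discussed in this thread, as an added example that is not part of any poster's message: it contrasts STARTTLS (plaintext first, then an upgrade that can silently fall back) with implicit TLS on an smtps-style port (handshake first, hard failure). The loopback server, host names and function names are constructed for the demonstration.

```python
import smtplib, socketserver, ssl, threading

class PlainOnlySMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in server: plaintext SMTP that never offers STARTTLS."""
    def handle(self):
        try:
            self.wfile.write(b"220 mail.example.invalid ESMTP\r\n")
            for line in self.rfile:
                verb = line[:4].upper()
                if verb == b"EHLO":
                    self.wfile.write(b"250-mail.example.invalid\r\n250 SIZE 10240000\r\n")
                elif verb == b"QUIT":
                    self.wfile.write(b"221 bye\r\n")
                    return
                else:
                    self.wfile.write(b"502 not implemented\r\n")
        except OSError:
            pass  # client hung up, e.g. after a failed TLS handshake

def start_server():
    """Start the stand-in server on a free loopback port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), PlainOnlySMTP)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def connect_starttls(port, require_tls):
    """STARTTLS mode: speak plaintext first, upgrade only if the server offers it."""
    with smtplib.SMTP("127.0.0.1", port, local_hostname="client.invalid",
                      timeout=5) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())
            return "encrypted"
        if require_tls:
            raise RuntimeError("STARTTLS not offered; refusing to continue in plaintext")
        return "plaintext"  # the silent fallback described in the thread

def connect_implicit_tls(port):
    """Implicit TLS (smtps): handshake before any SMTP, so there is no fallback."""
    try:
        smtplib.SMTP_SSL("127.0.0.1", port, local_hostname="client.invalid",
                         timeout=5, context=ssl.create_default_context()).quit()
        return "encrypted"
    except (ssl.SSLError, ConnectionError):
        return "handshake failed"
```

A client that treats STARTTLS as optional ends up in plaintext whenever the extension is missing from the EHLO reply, whether the server lacks it or something on the path removed it, so `require_tls=True` is the setting to prefer when the client offers the choice.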