Score:0

does SSL/TLS STARTLS full encrypt connexion for POP and IMAP

hm flag

I am configuring POP and IMAP accounts in thunderbird mail client.

Here are 2 options:

Security:

  • None
  • SSL/TLS
  • STARTLS

Authentication method:

  • Normal password
  • Encrypted password
  • Kerberos / GSSAPI
  • NTLM
  • OAuth2

I have 2 mails accounts: One POP and the other is an IMAP account.

I want to be sure nobody can listen my password and any mail content by sniffing network.

I have tried "SSL/TLS" and "STARTTLS" options. They work both. But my mail server does only support "normal password" option.

Can you confirm me SSL/TLS and STARTTLS full encrypts the connexion and nobody can sniff anything (passwords and content) ?

Thanks a lot

Score:0
in flag

SSL/TLS and STARTTLS are basically the same. Both encrypts the data stream, so no one on the network can peek into it. In this case, the "normal password" option is of little concern, since the password cannot be sniffed.

The difference between STARTTLS and SSL is that SSL is encrypted "from the beginning", i.e. the client connects to the server, and the first thing they do is exchange keys, and start encryption. In case of STARTTLS, the connection is in plain text at the beginning, and encryption starts when the client issues the STARTTLS command. After that, the process is the same, key exchange, etc.

Practically, there is little difference, as the client issues the STARTTLS command immediately after connecting, so in this case, the only thing an attacker can sniff is the EHLO command, the answer to it (which they can query from the server anyway), and the STARTTLS command itself. After that, noise.

Bob5421 avatar
hm flag
So what is the value add of password encryption options ?
in flag
In my opinion, not much.
Michael Hampton avatar
cz flag
@Bob5421 They protect your password _from the admins_ and anyone else who could break the TLS connection. Not to mention they protect your password entirely on unencrypted connections.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.