Home / server / Questions / 876544
Accepted
Nicholas
Asked: 2017-10-03 17:46:29 +0800 CST

Exchange IMAP Setup SSL & TLS

  • 772

Regarding set-up of IMAP on exchange 2010 sp3, there are a couple of things I don't understand.

1) I have SSL v2 & v3 disabled on the server via registry. So how are clients able to connect to the exchange server on port 993 with SSL enabled? Is it actually falling back to no security or falling forward to TLS?

2) According to the below dialogue, TLS should use port 143, but also no encryption should use port 143. So which is it? Is it purely controlled by the next tab 'Authentication'?

enter image description here

3) With the IMAP receive connector shown below, does the 'Integrated Windows Authenication' also only operate after the TLS connection is established or does it work outside the TLS connection?

enter image description here

ssl

1 Answers

  1. Best Answer

    Port 993 is for direct SSL/TLS and the default IMAP port 143 uses opportunistic TLS i.e. STARTTLS command to establish secured connection within the plain text connection.

    Both uses only ciphers you allow, so even while the port 993 is reserved for "SSL" the connection will be TLS if configured that way.

    FastMail's article SSL vs TLS vs STARTTLS covers this topic pretty well and also explains your confusion:

    One significant complicating factor is that some email software incorrectly uses the term TLS when they should have used STARTTLS.

    • 1