mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
docs: Clarify description of explicit TLS (#3017)
* Fix #3007: Changed description of explicit TLS to indicate that insecure connections are rejected
* Further clarification that description only applies to authentication

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
parent
efeb93e094
commit
b2cd66fcda
|
@ -66,7 +66,7 @@ flowchart LR
|
||||||
|
|
||||||
#### Explicit TLS (aka Opportunistic TLS) - Opt-in Encryption
|
#### Explicit TLS (aka Opportunistic TLS) - Opt-in Encryption
|
||||||
|
|
||||||
Communication on these ports begin in [cleartext][ref-clear-vs-plain], indicating support for `STARTTLS`. If both client and server support `STARTTLS` the connection will be secured over TLS, otherwise no encryption will be used.
|
Communication on these ports begin in [cleartext][ref-clear-vs-plain], indicating support for `STARTTLS`. If both client and server support `STARTTLS` the connection will be secured over TLS, otherwise the connection is unable to use encryption to secure it. By default, `docker-mailserver` is configured to reject connections that fail to establish a secure connection when authentication is required, rather than allow an insecure connection (_Port 25 will allow receiving unencrypted deliveries which doesn't require authentication_).
|
||||||
|
|
||||||
Support for `STARTTLS` is not always implemented correctly, which can lead to leaking credentials(client sending too early) prior to a TLS connection being established. Third-parties such as some ISPs have also been known to intercept the `STARTTLS` exchange, modifying network traffic to prevent establishing a secure connection.
|
Support for `STARTTLS` is not always implemented correctly, which can lead to leaking credentials(client sending too early) prior to a TLS connection being established. Third-parties such as some ISPs have also been known to intercept the `STARTTLS` exchange, modifying network traffic to prevent establishing a secure connection.
|
||||||
|
|
||||||
|
|
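Review bot: The added sentence in the second paragraph says connections are rejected "by default" when authentication is required, but it does not name or link the setting that enforces this, so a reader cannot confirm the behaviour on their own deployment; consider linking the relevant configuration. The clause "otherwise the connection is unable to use encryption to secure it" is circular, and "otherwise the connection cannot be encrypted" says the same thing. The heading still reads "Opt-in Encryption", which now sits at odds with the rejection behaviour described for authenticated connections. The Port 25 parenthetical would be clearer as its own sentence stating that unauthenticated inbound delivery on port 25 may still arrive unencrypted. While this paragraph is being touched, "Communication on these ports begin" should be "begins".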