[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Vidalia error message with TorBirdy

On 03.07.2013 00:14, anonymous coward wrote:
> Oh, I just checked, I used STARTTLS, which actually is port 143.

If STARTTLS was enforced for IMAP (port 143) it is safe like SSL for
IMAPS (port 993).

But Tor does not know, if STARTTLS was enforced or only desired in your
Thunderbird configuration. If it was only desired it is possible for an
attacker to disable TLS encryption by override the signal to start the
TLS handshake.

Tor will give you a warning about possible insecure connection. But did
not know if the connection was really insecure.

Latest Thunderbird versions enforce STARTTLS if it was selected. The
weak option "Use STARTTLS if possible" is not available any more in
Thunderbird. You may use IMAP with STARTTLS, if your provider does not
offer IMAPS.

Best regards
Karsten N.
tor-talk mailing list