Is STARTTLS needed when use Connect(ServerName, Port, IsUseSSL)?

+1 vote

When we connect to the server use the method imap.Connect(serverName, port, isUseSSL), and isUseSSL is true, so the connection is setup with SSL due to the documentation.

My question is in this case, to support TLS, do we still need to explicitly call imap.StartTLS() so that TLS is enabled? Or when isUseSSL is true, the SSL connection set up already support the higher version TLS or manually start tls is still needed?

In short, to connect to a server with SSL/TLS, which snippet is better?

imap.Connect(serverName, port, isUseSSL);
imap.StartTLS();

or

imap.Connect(serverName, port, isUseSSL);

by (580 points)

1 Answer

+1 vote
 
Best answer

No, you don't need STARTTLS when connection is already secured. In fact most likely an error will be raised by your server.

STARTTLS is only needed when you are connecting on plain text port using Connect(useSSL=false) and then explicitly upgrade the connection to use SSL/TLS.

Both methods: implicit SSL/TLS (ConnectSSL -or- Connect(useSSL=true)) and explicit SSL/TLS (Connect+StartTLS), use the same security protocols. Both client and server negotiate which protocols to use: SSL3.0, TLS1.0, TLS1.1, TLS1.2.

You can specify which protocols you want to use using EnabledSslProtocols property:

imap.SSLConfiguration.EnabledSslProtocols = SslProtocols.Tls12 |
    SslProtocols.Ssl3;

Use SSL with IMAP:
https://www.limilabs.com/blog/use-ssl-with-imap

SSL vs TLS vs STARTTLS:
https://www.limilabs.com/blog/ssl-vs-tls-vs-starttls-stls

by (297k points)
selected by
Login vs UseBestLogin
asked Jun 29, 2016 by Ming
...