PMDF System Manager's Guide



15.1 Overview of Operation

There are two modes of operation that PMDF-TLS supports:

  1. Connecting to a TLS-enabled port where TLS negotiation happens immediately once the TCP connection has been established; and
  2. Connecting to a "regular" port and then issuing a STARTTLS command [1] to begin TLS negotiation.

The only difference between these two modes is when the TLS negotiation happens. In both cases, once the TLS negotiation is complete, all subsequent data sent across the TCP connection will be secure.

Connecting to a special port number is currently the more commonly used way to connect to a TLS-enabled server, but connecting to a regular port and issuing a STARTTLS command is expected to become the preferred technique. SMTP, IMAP, and POP3 all have established ports for use with TLS (port numbers 465, 993, and 995, respectively). When a client connects to one of these special ports (as configured in the Dispatcher configuration file), PMDF-TLS will immediately begin TLS negotiation. Once the negotiation is complete, the connection will be given to the service as usual.

In the case that a STARTTLS command is used, the TCP connection is established on the usual port number (or an alternate port number if configured in the Dispatcher) and given to the service normally. For instance, if TLS is available to the client in an SMTP session, the server will advertise STARTTLS as one of its available SMTP extensions; the client then issues the STARTTLS command, and the server acknowledges receipt of the SMTP command and instructs the client to begin TLS negotiation. Again, once the negotiation is complete, the connection continues normally.
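To put the two modes side by side, here is an added Python example (it is not part of the PMDF documentation or PMDF's own code) that chooses the mode from the port numbers listed above and checks an SMTP EHLO reply for the STARTTLS extension the server must advertise before the client may upgrade; the sample EHLO replies are constructed, and the host and port for the live probe are whatever you pass on the command line.

```python
"""Pick the PMDF-TLS mode for a port and check whether an SMTP server's EHLO
reply advertises STARTTLS (the precondition for the upgrade described above)."""
import smtplib
import ssl
import sys

# Ports the section lists as TLS-enabled for SMTP, IMAP and POP3.
IMPLICIT_TLS_PORTS = {465: "smtp", 993: "imap", 995: "pop3"}


def tls_mode(port):
    """'immediate' when TLS starts right after the TCP handshake,
    'starttls' when the session starts in the clear and upgrades on command."""
    return "immediate" if port in IMPLICIT_TLS_PORTS else "starttls"


def ehlo_extensions(reply):
    """Parse a multi-line 250 EHLO reply into the set of advertised extensions.
    The first 250 line carries the server's name, not an extension."""
    lines = reply.decode("ascii", "replace").splitlines()
    exts = set()
    for line in lines[1:]:
        if len(line) >= 4 and line[:3] == "250" and line[3] in "- ":
            keyword = line[4:].split(" ", 1)[0]
            if keyword:
                exts.add(keyword.upper())
    return exts


def starttls_advertised(reply):
    return "STARTTLS" in ehlo_extensions(reply)


# Constructed EHLO replies (not captured from a real server).
SAMPLE_WITH_STARTTLS = (b"250-mail.example.com\r\n250-8BITMIME\r\n"
                        b"250-STARTTLS\r\n250 HELP\r\n")
SAMPLE_WITHOUT_STARTTLS = b"250-mail.example.com\r\n250 8BITMIME\r\n"


def probe_smtp(host, port):
    """Live check (needs network): connect the way the section describes for
    the port and report how, if at all, TLS was established."""
    ctx = ssl.create_default_context()
    if tls_mode(port) == "immediate":
        with smtplib.SMTP_SSL(host, port, context=ctx, timeout=10) as s:
            s.ehlo()
            return "immediate TLS: " + s.sock.version()
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return "clear-text session; server did not advertise STARTTLS"
        s.starttls(context=ctx)
        s.ehlo()  # extensions learned before the upgrade must be discarded
        return "STARTTLS upgrade: " + s.sock.version()


if __name__ == "__main__":
    print(probe_smtp(sys.argv[1], int(sys.argv[2])))
```

Run it as `python probe.py mail.example.com 587` (or port 465) against a server you administer to confirm which mode its Dispatcher configuration actually exposes.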

Note

[1] RFC 2487 defines the STARTTLS command for SMTP; RFC 2595 defines the STARTTLS command for IMAP and POP.

