Add support for startTLS #35
Comments
This feature is mandatory. One reason is solely to support Microsoft Exchange SMTP server which can only use TLS through STARTTLS. Also, it can be handy to be able to exchange non "critical" information before going to encrypted communication. Here are a few good arguments for having that kind of capability: http://www.gnutls.org/manual/gnutls.html#How-to-use-TLS-in-application-protocols
See #10 for a proposal for an updateToSecure() method.
Many SMTP servers only support STARTTLS. I think many other protocols could benefit from this.
As pointed out by Jonas at the SysApps TPAC meeting on Nov 12 2013, we must consider the issue when sending buffered data is in progress and upgrade to TLS takes place. Should the upgrade be postponed until the buffered data has been sent?
Sorry ClaesNilsson, but I don't understand what you wrote.
We already have support for using TLS when creating a socket. It would be great to add support for upgrading an existing socket to TLS too.
Issue #10 is dealing with more complex encryption issues, which I think is great and we should continue to discuss them there. This issue is specifically for adding support for doing upgrades using the same type of certificate and algorithm handling as we already have support for when setting up an initial connection.
Mozilla is looking into adding support for this to our implementation of TCPSocket (which isn't yet up-to-spec).
https://bugzilla.mozilla.org/show_bug.cgi?id=784816
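The question raised in this thread, whether an upgrade should wait until buffered data has been sent, can be modelled with an in-memory socket. This is an added example, not part of the issue or of any TCPSocket implementation: `UpgradableSocket`, `upgradeToSecure()`, `flushOne()` and `handshakeDone()` are hypothetical names, the SMTP lines and wire log are constructed, and waiting for the server's STARTTLS reply is left out.

```javascript
// In-memory model only: `wire` records what would leave the host and whether it was encrypted.
class UpgradableSocket {
  constructor() {
    this.state = "plain";      // plain -> draining -> handshaking -> secure
    this.plainQueue = [];      // accepted before the upgrade request
    this.secureQueue = [];     // accepted after it; must never go out in clear
    this.wire = [];            // constructed log of {data, encrypted}
  }
  send(data) {
    // Anything sent after the upgrade was requested waits for the TLS session.
    if (this.state === "plain") this.plainQueue.push(data);
    else if (this.state === "secure") this.wire.push({ data, encrypted: true });
    else this.secureQueue.push(data);
  }
  // Hypothetical upgrade call: postpone the handshake until plaintext has drained.
  upgradeToSecure() {
    if (this.state !== "plain") throw new Error("upgrade already requested");
    this.state = "draining";
    if (this.plainQueue.length === 0) this.startHandshake();
  }
  // Simulates the network layer flushing one buffered plaintext chunk.
  flushOne() {
    if (this.plainQueue.length === 0) return false;
    this.wire.push({ data: this.plainQueue.shift(), encrypted: false });
    if (this.state === "draining" && this.plainQueue.length === 0) this.startHandshake();
    return true;
  }
  startHandshake() {
    this.state = "handshaking";
    this.wire.push({ data: "<TLS ClientHello>", encrypted: false });
  }
  // Called when the (simulated) handshake completes.
  handshakeDone() {
    if (this.state !== "handshaking") throw new Error("no handshake in progress");
    this.state = "secure";
    for (const data of this.secureQueue.splice(0)) this.wire.push({ data, encrypted: true });
  }
}

function demo() {
  const s = new UpgradableSocket();
  s.send("EHLO client.example\r\n");
  s.send("STARTTLS\r\n");
  s.upgradeToSecure();                     // requested while two chunks are still buffered
  s.send("AUTH PLAIN <placeholder>\r\n");  // must not reach the wire in clear
  while (s.flushOne()) {}
  s.handshakeDone();
  return s.wire;
}
```

In this model the handshake record appears on the wire only after both buffered plaintext chunks, and the data sent after the upgrade request is held until the session is secure.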