Transport Encryption Configuration in Iris
  • Just looking around
    Posts: 2 from 2018/3/31
    First, thanks for Iris, it works great with my Dovecot IMAP server, even with a huge number of mails (I've seen other IMAP clients crash when seeing my mailbox ;) )

    I have some remarks about the transport encryption settings in the account configuration dialogs.

    They are currently checkboxes labeled with "Use SSL", "TLS" and "Force TLS".

    For me, it was not clear what these options really do (as these terms are often used wrongly by mail software). I found out that

    * "Use SSL" enables implicit TLS encryption (TLS handshake before protocol SMTP or IMAP)
    * "TLS" enables an unencrypted connection that tries to upgrade the connection to encryption using "STARTTLS", but if STARTTLS fails, it continues unencrypted
    * "Force TLS" also uses STARTTLS to upgrade the unencrypted connection to a TLS encrypted one, but fails if STARTTLS is not working

    The term "SSL" (Secure Socket Layer) is a trademark of Netscape Communications and has since been replaced (in 1999) with the term "TLS" (Transport Layer Security). The last SSL version, SSL v3 from 1996, has been deprecated by the IETF with RFC 7568 in 2015. Currently in use are TLS 1.1 and 1.2, and TLS 1.3 has just been finished during last week's IETF in London (but the RFC is not yet released).

    At least when the server is offering TLS, Iris does use TLS, not SSL (which is good, as all versions of SSL are obsolete and insecure).

    So what Iris (rightfully) offers is

    * "implicit TLS"
    * "opportunistic/optional STARTTLS"
    * "mandatory STARTTLS"

    As these options are mutually exclusive, perhaps using a drop-down list would be a better choice than checkboxes.

    As for "implicit TLS", RFC 8314 ("Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access", https://tools.ietf.org/html/rfc8314 ) now specifies port 465 SMTPS as the default port to use implicit TLS for SMTP. This port had been discussed for this purpose back in the 1990s, but was never standardized. However, many mail servers offer implicit SMTP over TLS (SMTPS) on port 465. This RFC now documents current practice and makes it a recognized standard. It would be nice if Iris could set the port to 465 once the user selects "implicit TLS".

    The default port for "opportunistic STARTTLS" and "mandatory STARTTLS" should be 587 (submission).

    Default port for unencrypted SMTP from an MUA (like Iris) should also be 587 (submission).

    I know that other mail clients also get this wrong. However, this should not be an excuse to continue to confuse users ;)

    A more detailed explanation on what the encryption options do could be given in a help bubble.

    Please see this text as positive criticism; I would really like to have a modern (and standards compliant) MUA on MorphOS.

    Greetings

    Carsten
  • »31.03.18 - 08:19
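As an added example (not code from the post, from Iris or from vmime), the following Python maps the three mutually exclusive modes described above (plus a cleartext mode) onto the RFC 8314 default ports and onto the STARTTLS decision each mode implies after EHLO; the mode strings, `DEFAULT_PORTS` and `connect_smtp` are my own naming.

```python
import smtplib
import ssl

# Constructed example, not Iris/vmime code. RFC 8314 defaults:
# implicit TLS on 465 (SMTP submission) / 993 (IMAP); the STARTTLS
# modes and cleartext submission use 587 / 143.
DEFAULT_PORTS = {
    ("smtp", "implicit"): 465, ("imap", "implicit"): 993,
    ("smtp", "opportunistic"): 587, ("imap", "opportunistic"): 143,
    ("smtp", "mandatory"): 587, ("imap", "mandatory"): 143,
    ("smtp", "plain"): 587, ("imap", "plain"): 143,
}

def default_port(protocol, mode):
    """Port a client should pre-fill once the user picks a mode."""
    return DEFAULT_PORTS[(protocol, mode)]

def starttls_outcome(mode, server_advertises_starttls):
    """Offline-testable decision for what happens after EHLO.
    'opportunistic' is the downgrade-prone case: if STARTTLS is not
    advertised (server config, or an active attacker stripping the
    capability) the session silently stays cleartext; 'mandatory'
    refuses; 'implicit' already handshook before any SMTP was spoken."""
    if mode == "implicit":
        return "tls"
    if mode == "plain":
        return "cleartext"
    if server_advertises_starttls:
        return "tls"
    return "refuse" if mode == "mandatory" else "cleartext"

def connect_smtp(host, mode, port=None, timeout=10):
    """Open an SMTP session honouring the chosen mode (needs network)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    port = port or default_port("smtp", mode)
    if mode == "implicit":
        return smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout)
    srv = smtplib.SMTP(host, port, timeout=timeout)
    srv.ehlo()
    outcome = starttls_outcome(mode, srv.has_extn("starttls"))
    if outcome == "refuse":
        srv.quit()
        raise RuntimeError("server did not offer STARTTLS; not sending in cleartext")
    if outcome == "tls":
        srv.starttls(context=ctx)
        srv.ehlo()  # re-EHLO after the upgrade, as RFC 3207 requires
    return srv
```

Only `starttls_outcome` and `default_port` run offline; `connect_smtp` shows where a mail client would apply them against a real server.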
  • MorphOS Developer
    jacadcaps
    Posts: 2972 from 2003/3/5
    From: Canada
    Hey, thanks for your post. The UI for now just reflects the options of the underlying library doing the communications. I will give it another pass though.
  • »31.03.18 - 13:43
  • Priest of the Order of the Butterfly
    ernsteiswuerfel
    Posts: 545 from 2015/6/18
    From: Funeralopolis
    Thanks @cstrotm! This would have been one of my questions I was going to ask about Iris. You answered it in advance. ;-)
    Talos II. [Gentoo Linux] | PMac G5 11,2. PMac G4 3,6. PBook G4 5,8. [MorphOS 3.18 / Gentoo Linux] | Vampire V4 SA [ApolloOS / Amiga OS 3.2.2]
  • »31.03.18 - 14:24
  • Just looking around
    Posts: 2 from 2018/3/31
    Hello Jaca,

    Quote:
    jacadcaps wrote:
    Hey, thanks for your post. The UI for now just reflects the options of the underlying library doing the communications. I will give it another pass though.

    Thanks for considering.

    The underlying library (OpenSSL?) cannot change the names of the functions, as it would break existing code.

    But the UI does not need to follow that example.

    Happy Easter

    Carsten
  • »01.04.18 - 06:50
  • MorphOS Developer
    jacadcaps
    Posts: 2972 from 2003/3/5
    From: Canada
    Yeah, vmime... I've already changed the UI, by the way.
  • »01.04.18 - 15:42