www.noreply.org :: TLS


Transport Layer Security (similar to SSL) brings forward secrecy to Internet Email by encrypting SMTP traffic.

Even though usual remailer mail is already encrypted, TLS adds security because the key used in TLS sessions usually is ephemeral - i.e. it only exists for seconds and is destroyed immediatly after use. Whether or not short-lived keys are used depends on the cipher suite chosen. (The EDH (Ephemeral Diffie-Hellman) ciphers use ephemeral keys.)

Ephemeral keys make it impossible to decrypt data which was eavesdropped at one time by compromising a remailer's key later.

Since remailer keys are valid for weeks, sometimes years, this makes remailing more secure.

The submission column indicates that a mailserver acceps mails on port 587 (submission). The smtps column that it accepts SSL connections on port 465 (smtps) for use with stunnel and similar. Some hosts also accept normal connections on port 2525 - this is indicated in the column 2525. Please note that some hosts may enforce the use of TLS on the submission port.

Stunnel can do STARTTLS using -n smtp or with protocol = smtp in your config file, depending on your version.

See the Encrypted Email - TLS/SSL on banasplit for a howto on using stunnel on Windows with Quicksilver and JBN2.

remailermail exchangerpriorityTLSsubmissionsmtps2525error/warning
announced - does not work no N/A yes no ">yes
no yes no

Built at .

web@palfrader.org - Valid HTML 4.01!