Opened 5 years ago

Closed 5 years ago

#6338 closed defect (fixed)

enable connection security by default

Reported by: proper Owned by: ioerror
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Keywords:
Cc: proper, sukhbir.in@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

After adding a POP/IMAP or SMTP accounts, connection security is disabled by default. That's bad. Please enable STARTLS or SSL/TLS by default.

Most mail providers support SSL these days. People really should feel encouraged to use it.

At the same time, "check for new messages on startup" (#6336) and "check for new messages every 10 minutes" (#6337) is activated, which increases probability to send login data in cleartext.

And also please prevent people from shooting their own feet, i.e. people who forget to look through all options and giving their passwords to exit nodes.

Child Tickets

Change History (2)

comment:1 in reply to:  description Changed 5 years ago by sukhbir

Cc: sukhbir.in@… added

Replying to proper:

After adding a POP/IMAP or SMTP accounts, connection security is disabled by default. That's bad. Please enable STARTLS or SSL/TLS by default.

Fixed (defaulted to SSL/TLS as default as suggested by tagnaq). Thanks for mentioning this!

comment:2 Changed 5 years ago by sukhbir

Resolution: fixed
Status: newclosed

Marking this as fixed as we are now defaulting to SSL/TLS for both incoming and outgoing servers.

Note: See TracTickets for help on using tickets.