Opened 7 years ago
Closed 7 years ago
#6338 closed defect (fixed)
enable connection security by default
Reported by: | proper | Owned by: | ioerror |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | Applications/TorBirdy | Version: | |
Severity: | Keywords: | ||
Cc: | proper, sukhbir.in@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
After adding a POP/IMAP or SMTP accounts, connection security is disabled by default. That's bad. Please enable STARTLS or SSL/TLS by default.
Most mail providers support SSL these days. People really should feel encouraged to use it.
At the same time, "check for new messages on startup" (#6336) and "check for new messages every 10 minutes" (#6337) is activated, which increases probability to send login data in cleartext.
And also please prevent people from shooting their own feet, i.e. people who forget to look through all options and giving their passwords to exit nodes.
Child Tickets
Change History (2)
comment:1 Changed 7 years ago by
Cc: | sukhbir.in@… added |
---|
comment:2 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Marking this as fixed as we are now defaulting to SSL/TLS for both incoming and outgoing servers.
Replying to proper:
Fixed (defaulted to SSL/TLS as default as suggested by tagnaq). Thanks for mentioning this!