Open Bug 270483 Opened 19 years ago Updated 3 years ago
Use TLS by default for SMTP, IMAP, POP3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Is there any reason why Mozilla doesn't default to using TLS for mail when available? Changing the default for "Use secure connection" from "No" to "TLS, if available" would make Mozilla possibly more secure (no plaintext passwords or emails between the client and the server, for servers that support it) and should have little, if any, impact on compability. This change could be made for SMTP now; for IMAP and POP3, it would have to await bugs 60377 and 218902, respectively. Reproducible: Always Steps to Reproduce: 1. Create a new account. Actual Results: Thunderbird / Mozilla defaults to sending cleartext passwords. Expected Results: Thunderbird / Mozilla should default to using encryption if available.
I myself have no objections using TLS if available as default. Establishing an encrypted link and sending a mail over it does take longer. That could be the only reason not to use this.
OS: Windows XP → All
Hardware: PC → All
In TB 1.0 and current 1.8a6 builds, it appears that this change has been made for SMTP -- I see "TLS, if available" selected by default when I add a new SMTP server. xref bug 97161.
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
18 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Bug 60377 has been closed. The 59th and 60th comment on that bug are valuable reading.
Depends on: 60377
I'd like to see TLS enabled by default too.
While I definitely agree with having the maximum level of security available by default, the larger context of this is the initial setup of an account with the account wizard. See bug 221030 (Thunderbird) and bug 80919 (Mozilla Suite / SeaMonkey) on this. The underlying problem also involves identifying the correct port and possible other encryption support (SSL) if TLS is not available. (In reply to comment #2) > In TB 1.0 and current 1.8a6 builds, it appears that this change has been made > for SMTP -- I see "TLS, if available" selected by default when I add a new SMTP > server. This is the case for the user interface in the SMTP account settings dialog, but I think that the account wizard is still setting it up on port 25 without any encryption. (In reply to comment #4) > Bug 60377 has been closed. The 59th and 60th comment on that bug are valuable > reading. This has been 2 years, no indication in that bug report though whether or not this IMAP/TLS issue has been resolved.
You need to log in before you can comment on or make changes to this bug.