User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/20070713 Firefox/188.8.131.52 Build Identifier: version 184.108.40.206 (20070716) Product must be secure by default. I see no reason to leave checkbox "use secure connection" at "never" selection. Consider this bug as blocker for SMTP only IMAP and POP3 not affected https://bugzilla.mozilla.org/show_bug.cgi?id=368611 Reproducible: Always
IMO the "TLS if available" setting as default when creating a new account is justified. If the POP/IMAP server supports TLS it is used, and if not it falls back to plain text.So no harm will be done if there is no STARTTLS. In Thunderbird 2 I even found no configuring option to change this default.I think this could be done without changing the code too much.
It already is the default for SMTP (when you create a new smtp server). That was fixed in bug 97161.
Though bug 387421 may be the ultimate solution.
If was refering to the POP3/IMAP server setup, not SMTP. Here the problem persists.
Confirming RFE. Does anyone know about downsides for this? Except for that it could potentially let you into false state of security, arguably not much though.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: use TLS, if available - must be enabled by default → use TLS, if available as default for POP/IMAP too (not "never")
There one little downside if server advertise support TLS but it doesn't really work (broken server configuration). TB may unable to connect to such server.
(In reply to comment #6) > There one little downside if server advertise support TLS but it doesn't really > work (broken server configuration). TB may unable to connect to such server. If this gets implemented we would need to tell the world we did. Proper sysadmins would check then. Requesting for TB3 as this seems low risk - easy to implement and adds value to the user.
Actually, "if available" is insecure and therefore being phased out (see e.g. bug 350314). I think the new account setup (bug 350314) is going to do a one time check at account creation. As such ->WONTFIX
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Flags: wanted-thunderbird3? → wanted-thunderbird3-
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.