use TLS, if available as default for POP/IMAP too (not "never")

RESOLVED WONTFIX

Status

--
enhancement
RESOLVED WONTFIX
11 years ago
10 years ago

People

(Reporter: shopik, Unassigned)

Tracking

Bug Flags:
wanted-thunderbird3 -

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: version 2.0.0.5 (20070716)

Product must be secure by default. I see no reason to leave checkbox "use secure connection" at "never" selection.
Consider this bug as blocker for SMTP only IMAP and POP3 not affected
https://bugzilla.mozilla.org/show_bug.cgi?id=368611


Reproducible: Always
(Reporter)

Updated

11 years ago
Version: unspecified → 2.0

Comment 1

11 years ago
IMO the "TLS if available" setting as default when creating a new
account is justified. If the POP/IMAP server supports TLS it is
used, and if not it falls back to plain text.So no harm will be done
if there is no STARTTLS.

In Thunderbird 2 I even found no configuring option to change this
default.I think this could be done without changing the code too
much.

Comment 2

11 years ago
It already is the default for SMTP (when you create a new smtp server). That was fixed in bug 97161.

Comment 3

11 years ago
Though bug 387421 may be the ultimate solution.

Comment 4

11 years ago
If was refering to the POP3/IMAP server setup, not SMTP.
Here the problem persists.

Comment 5

11 years ago
Confirming RFE. Does anyone know about downsides for this? Except for that it could potentially let you into false state of security, arguably not much though.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: use TLS, if available - must be enabled by default → use TLS, if available as default for POP/IMAP too (not "never")
(Reporter)

Comment 6

11 years ago
There one little downside if server advertise support TLS but it doesn't really work (broken server configuration). TB may unable to connect to such server.

Comment 7

11 years ago
There was some related discussion in bug 311657, esp. comment 33 to 39.

Updated

11 years ago
Duplicate of this bug: 423888
(Reporter)

Updated

10 years ago
Version: 2.0 → Trunk
(In reply to comment #6)
> There one little downside if server advertise support TLS but it doesn't really
> work (broken server configuration). TB may unable to connect to such server.

If this gets implemented we would need to tell the world we did. Proper sysadmins would check then.

Requesting for TB3 as this seems low risk - easy to implement and adds value to the user.
Flags: wanted-thunderbird3?

Comment 10

10 years ago
Actually, "if available" is insecure and therefore being phased out (see e.g. bug 350314).

I think the new account setup  (bug 350314) is going to do a one time check at account creation.

As such
->WONTFIX
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Flags: wanted-thunderbird3? → wanted-thunderbird3-
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.