It’s used to tell an email server that an email client (such as Gmail, Outlook, etc.) wants to upgrade an existing insecure connection to an encrypted one using SSL or TLS. STARTTLS is not a protocol but an email protocol command. The term ‘SSL/TLS’ is also commonly used. As a matter of fact, both names are used interchangeably and you can often find a reference to SSL when TLS is being referred to. SSL has since been deprecated, but it is still widely used along with its younger sibling. Four years later, a new standard – TLS – was introduced, offering a more reliable security profile. SSL was originally developed by Netscape in 1995 and was quickly implemented in the popular email clients at the time (their own client included). If, at any stage, such an email is intercepted, it won’t be of any use to whoever compromised your security. Both rely on a set of private and public keys to turn messages into useless strings of characters. SSL (Secure Socket Layer) and its successor TLS (Transport Layer Security) are two cryptographic protocols used in email transmission. Luckily, there are encryption methods in place that make their lives a bit more difficult. As such, it’s quite easy for the internet villains to intercept emails and make use of confidential information.
SSL and TLS – what are they all about?Īs you can read in our article on SMTP security, this protocol is not secured by default. Join us this time as we discuss the role of SSL/TLS and STARTTLS in email encryption. How about ECC and RSA? We’ll leave them for next time. STARTTLS is often associated with them and STLS appears every now and then. Hardly any email is sent without SSL or TLS. With the number of acronyms surrounding email encryption, it’s not hard to get lost.
0 kommentar(er)
