Quote:
Originally Posted by colker
I disagree that it's the correct behavior. According to RFC 2487, "The STARTTLS keyword is used to tell the SMTP client that the SMTP server allows use of TLS."
It seems to me that just because the command is issued does not mean that the server is obligated to use TLS; it is allowed to use TLS. If the end user has not chosen to use TLS, the fact that the server's certificate is expired should be ignored because TLS is not going to be used.
I don't think that an option over which the end user has no control (the server sending STARTTLS) should prevent the user from sending mail. The end user is led to believe by the lack of checkmarks in the SSL-related checkboxes in Zimbra that SSL is not going to be used. Yet the fact that the SMTP server is sending a STARTTLS command the user is not aware of actually leads Zimbra to do SSL-related checking (which prevents mail from being sent). This is very misleading and confusing.
First of all, in comment #9 I already provided a workaround for any invalid certs.
Secondly, when any server advertises STARTTLS, our policy is that we will rely on it. It's a security policy we as a client take. There's a feature request open to optionally skip STARTTLS, but that won't happen in 1.0.
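The policy described in the reply above ("if the server advertises STARTTLS, rely on it, and fail if the certificate does not verify") as an added, stand-alone example; this is not Zimbra's code and not from either poster. The EHLO reply, the `FakeServer` and the `ClientPolicy` flags are constructed for illustration; the only real library call is the strict `ssl.SSLContext` setup, which is what makes an expired certificate raise `ssl.SSLCertVerificationError` during `wrap_socket` in a real client.

```python
"""Opportunistic-but-fail-closed STARTTLS handling for an SMTP client.

Constructed example: the EHLO reply and FakeServer below are made up;
nothing here touches the network."""
import ssl
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed EHLO reply from a server that advertises STARTTLS.
SAMPLE_EHLO_REPLY = (
    "250-mail.example.com Hello client.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)


def parse_ehlo(reply: str) -> Set[str]:
    """Return the keywords of a multi-line 250 EHLO reply (RFC 5321 4.2.1).

    Continuation lines are '250-', the final line is '250 '; the first line
    carries the server's domain and is not a keyword.
    """
    lines = reply.strip("\r\n").split("\r\n")
    keywords: Set[str] = set()
    for idx, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        is_last = line[3] == " "
        if is_last != (idx == len(lines) - 1):
            raise ValueError("EHLO reply terminated early or not at all")
        if idx == 0:
            continue
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


@dataclass
class ClientPolicy:
    user_requires_tls: bool = False          # the user ticked a "use TLS" box
    honor_advertised_starttls: bool = True   # the policy the reply describes


def decide(capabilities: Set[str], policy: ClientPolicy) -> str:
    """Return 'starttls', 'plaintext' or 'abort'. Never downgrade silently."""
    if "STARTTLS" in capabilities and policy.honor_advertised_starttls:
        return "starttls"
    if policy.user_requires_tls:
        return "abort"
    return "plaintext"


def verifying_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Strict context: hostname check plus CERT_REQUIRED, so an expired or
    untrusted server certificate fails the handshake instead of being ignored."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


class FakeServer:
    """Scripted SMTP server used only to show the exchange (constructed)."""
    def __init__(self, ehlo_reply: str, cert_valid: bool):
        self.ehlo_reply = ehlo_reply
        self.cert_valid = cert_valid

    def command(self, line: str) -> str:
        verb = line.split()[0].upper()
        if verb == "EHLO":
            return self.ehlo_reply
        if verb == "STARTTLS":
            return "220 2.0.0 Ready to start TLS\r\n"
        if verb == "QUIT":
            return "221 2.0.0 Bye\r\n"
        return "250 2.0.0 OK\r\n"

    def handshake(self) -> None:
        # Stands in for ctx.wrap_socket(sock, server_hostname=host).
        if not self.cert_valid:
            raise ssl.SSLCertVerificationError("certificate has expired")


def send_session(server: FakeServer, policy: ClientPolicy) -> List[str]:
    """Drive the client side and return the transcript; stops before MAIL FROM
    when STARTTLS was offered but the certificate cannot be verified."""
    log: List[str] = []

    def talk(cmd: str) -> str:
        log.append("C: " + cmd)
        resp = server.command(cmd)
        log.extend("S: " + l for l in resp.strip("\r\n").split("\r\n"))
        return resp

    action = decide(parse_ehlo(talk("EHLO client.example.org")), policy)
    if action == "abort":
        log.append("C: [abort: TLS required but not offered]")
        talk("QUIT")
        return log
    if action == "starttls":
        talk("STARTTLS")
        try:
            server.handshake()
        except ssl.SSLCertVerificationError as exc:
            log.append(f"C: [abort: {exc}]")   # no fallback to plaintext
            return log
        log.append("C: [TLS established]")
        talk("EHLO client.example.org")        # EHLO again after TLS (RFC 3207)
    talk("MAIL FROM:<alice@example.org>")
    return log
```

With `cert_valid=False` the transcript ends at the abort line and `MAIL FROM` is never sent, which is the behaviour the thread is arguing about: once STARTTLS has been advertised, a verification failure is treated as a hard error rather than a reason to continue in the clear. The `user_requires_tls` flag shows the complementary case, a user-selected requirement that aborts when the server does not offer TLS at all.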